Secfixes Tracker issues
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/issues
Feed updated: 2023-12-24T12:42:28Z

Issue #17: Some fixed vulnerabilities are not shown
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/issues/17
Kevin Daudt, 2023-12-24T12:42:28Z

[CVE-2023-37457](https://security.alpinelinux.org/vuln/CVE-2023-37457) for example is fixed in edge and v3.19, but they are not shown at all.

The database has these versions available, but `published` is set to false. Manually setting `published` to true will temporarily show them, but the next update will undo that again.

This potentially has to do with what versions are available in the APKINDEX.

Issue #16: Sort 'Vulnerable and fixed packages' table on vulnerability page
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/issues/16
Kevin Daudt, 2023-12-22T21:17:31Z

The entries are now in database order and more difficult to read.

We should probably sort it on (package_name, branch).

Issue #12: refresh fixed CVE data on git push
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/issues/12
Natanael Copa, 2023-08-16T14:18:36Z

Would be nice to have a git hook that will refresh the fixed CVEs' data on git push.

That way I can work on fixing a few CVEs, get interrupted (answer a phone or have a break or whatever) and then go back and see the current status immediately. So I don't start work on things that are already fixed but not yet updated on the secfixes tracker page.

To do this we should:

- [x] add optional argument for import-apkindex
- [ ] subscribe to mqtt upload to branch/repo and trigger import-apkindex for a given branch/repo
- [ ] subscribe to import-secfixes on git push events for given git branch

Issue #11: overview over (un)resolved CVE per package and branch
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/issues/11
Natanael Copa, 2023-04-13T06:14:41Z

When working on fixing CVEs for a package it is convenient to work on a specific package for a specific branch at a time.

For example, if I look at sudo CVEs I'd like a list of all CVEs that sudo in 3.17-community is vulnerable to.

https://security.alpinelinux.org/srcpkg/sudo tells me what version the 3.17-community branch has, but it does not tell which CVEs affect that branch.

Maybe we could have something like: https://security.alpinelinux.org/srcpkg/sudo/3.17-community which could list the affected CVEs for that branch for sudo.

Point is to make it easier to fix all CVEs in one commit.

Issue #7: Specific branch data per CVE and package version
https://gitlab.alpinelinux.org/alpine/security/secfixes-tracker/-/issues/7
hadasbloom, 2022-05-05T21:53:56Z

When extracting the security tracker data in JSON format, each item in the `state` references a different branch with a different state and package version, but currently there isn't an easy way to identify which branch each item is related to.

Is it possible to add this kind of data? Or otherwise, when requesting data under a specific branch `https://security.alpinelinux.org/branch/...` maybe it can be possible to see only the package versions relevant to that branch?

Thanks! :)
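The per-package, per-branch view requested in issue #11, the (package_name, branch) ordering proposed in issue #16, and the explicit branch field asked for in issue #7 can be sketched together. The following is an added example written for this page; it is not code from the secfixes-tracker project and does not use its database schema or JSON format. It assumes a hypothetical flat record shape (one record per CVE, package and branch, with the branch named explicitly, the fixing version from the secfixes block, and the version currently in that branch's APKINDEX), uses a simplified reimplementation of apk's version ordering (numeric components, optional letter, `_alpha`/`_beta`/`_pre`/`_rc` before the bare version, `_p` after it, then `-rN`) rather than apk's own comparator, and runs on constructed placeholder data with non-existent CVE identifiers and package names.

```python
import re
from collections import defaultdict

# Constructed sample records (placeholders, not real CVEs or Alpine packages).
# 'fixed' is the version the package's secfixes block names as fixing the CVE
# (None = no fix yet); 'index' is the version in that branch's APKINDEX.
STATE = [
    {"cve": "CVE-0000-0001", "package": "examplepkg", "branch": "3.17-community",
     "fixed": "1.9.13_p1-r0", "index": "1.9.12_p2-r0"},
    {"cve": "CVE-0000-0001", "package": "examplepkg", "branch": "edge",
     "fixed": "1.9.13_p1-r0", "index": "1.9.13_p1-r0"},
    {"cve": "CVE-0000-0002", "package": "examplepkg", "branch": "3.17-community",
     "fixed": None, "index": "1.9.12_p2-r0"},
    {"cve": "CVE-0000-0002", "package": "examplepkg", "branch": "edge",
     "fixed": None, "index": "1.9.13_p1-r0"},
    {"cve": "CVE-0000-0003", "package": "otherpkg", "branch": "3.17-main",
     "fixed": "2.0_rc1-r1", "index": "2.0-r0"},
]

# Simplified apk-style suffix ordering (assumption, not apk's own table):
# pre-release suffixes sort below the bare version, post-release above it.
_SUFFIX_RANK = {"alpha": 0, "beta": 1, "pre": 2, "rc": 3, "": 4,
                "cvs": 5, "svn": 6, "git": 7, "hg": 8, "p": 9}

_VERSION_RE = re.compile(
    r"(\d+(?:\.\d+)*)"                                      # 1.9.13
    r"([a-z])?"                                             # optional letter, e.g. 1.2a
    r"((?:_(?:alpha|beta|pre|rc|cvs|svn|git|hg|p)\d*)*)"    # _rc1, _p2, ...
    r"(?:-r(\d+))?"                                         # -r0 package revision
)


def version_key(version):
    """Return a tuple that orders versions like apk (simplified)."""
    m = _VERSION_RE.fullmatch(version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    numbers = tuple(int(n) for n in m.group(1).split("."))
    letter = m.group(2) or ""
    suffixes = tuple((_SUFFIX_RANK[name], int(num or 0))
                     for name, num in re.findall(r"_([a-z]+)(\d*)", m.group(3)))
    if not suffixes:
        suffixes = ((_SUFFIX_RANK[""], 0),)   # bare version sits between _rc and _p
    revision = int(m.group(4) or 0)
    return (numbers, letter, suffixes, revision)


def is_vulnerable(index_version, fixed_version):
    """True when the APKINDEX version is older than the version that fixes the CVE."""
    return version_key(index_version) < version_key(fixed_version)


def per_branch_overview(records):
    """Unfixed CVEs per (package, branch), sorted on (package_name, branch)."""
    unfixed = defaultdict(list)
    for r in records:
        if r["fixed"] is None or is_vulnerable(r["index"], r["fixed"]):
            unfixed[(r["package"], r["branch"])].append(r["cve"])
    return {key: sorted(cves) for key, cves in sorted(unfixed.items())}


def branch_report(records, package, branch):
    """What a hypothetical /srcpkg/<package>/<branch> page could list: every CVE
    tracked for that package on that branch with its fixed/vulnerable status."""
    rows = []
    for r in records:
        if (r["package"], r["branch"]) != (package, branch):
            continue
        if r["fixed"] is None:
            status = "vulnerable (no fix)"
        elif is_vulnerable(r["index"], r["fixed"]):
            status = f"vulnerable (fixed in {r['fixed']})"
        else:
            status = f"fixed ({r['fixed']})"
        rows.append((r["cve"], status))
    return sorted(rows)


if __name__ == "__main__":
    for (pkg, br), cves in per_branch_overview(STATE).items():
        print(f"{pkg} {br}: {', '.join(cves)}")
    for cve, status in branch_report(STATE, "examplepkg", "3.17-community"):
        print(f"  {cve}: {status}")
```

The last sample record is the edge case worth checking: `2.0-r0` in the index is newer than the fixing version `2.0_rc1-r1`, so it must be reported as fixed even though a plain string comparison would call it vulnerable. Any real implementation should defer to apk's own version comparison rather than this simplified reimplementation.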