CIP-dev Archive on lore.kernel.org
 help / color / Atom feed
* [cip-dev] improve show-description results
@ 2020-09-25  3:59 Daniel Sangorrin
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 1/3] report_affected: word-wrap for the 'description' Daniel Sangorrin
                   ` (3 more replies)
  0 siblings, 4 replies; 11+ messages in thread
From: Daniel Sangorrin @ 2020-09-25  3:59 UTC (permalink / raw)
  To: sz.lin, ben.hutchings, wens; +Cc: cip-dev


[-- Attachment #1: Type: text/plain, Size: 360 bytes --]

I had this in the backlog for a long time. These
patches, improve the way CVEs' descriptions are displayed
when calling scripts/report_affected.py with the option
--show-description` enabled.

[1/3] report_affected: word-wrap for the 'description'
[2/3] report_affected: Delete extra blank lines
[3/3] issues: fill in the description field of

Thanks,
Daniel


[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5472): https://lists.cip-project.org/g/cip-dev/message/5472
Mute This Topic: https://lists.cip-project.org/mt/77073039/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [cip-dev] [cip-kernel-sec 1/3] report_affected: word-wrap for the 'description'
  2020-09-25  3:59 [cip-dev] improve show-description results Daniel Sangorrin
@ 2020-09-25  3:59 ` Daniel Sangorrin
  2020-10-08  7:58   ` Chen-Yu Tsai (Moxa)
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 2/3] report_affected: Delete extra blank lines between CVEs Daniel Sangorrin
                   ` (2 subsequent siblings)
  3 siblings, 1 reply; 11+ messages in thread
From: Daniel Sangorrin @ 2020-09-25  3:59 UTC (permalink / raw)
  To: sz.lin, ben.hutchings, wens; +Cc: cip-dev


[-- Attachment #1: Type: text/plain, Size: 1522 bytes --]

From: Nguyen Van Hieu <hieu2.nguyenvan@toshiba.co.jp>

Currently some descriptions are quite long, and it is hard to read.
Add line-breaks so every line is at most 80 characters long.

Signed-off-by: Nguyen Van Hieu <hieu2.nguyenvan@toshiba.co.jp>
Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>
---
 scripts/report_affected.py | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/scripts/report_affected.py b/scripts/report_affected.py
index a97b700..a181d97 100755
--- a/scripts/report_affected.py
+++ b/scripts/report_affected.py
@@ -19,6 +19,7 @@ import kernel_sec.branch
 import kernel_sec.issue
 import kernel_sec.version
 
+import textwrap
 
 def main(git_repo, remotes, only_fixed_upstream,
          include_ignored, show_description, *branch_names):
@@ -136,8 +137,11 @@ def main(git_repo, remotes, only_fixed_upstream,
         if show_description:
             print('%s:' % branch['full_name'])
             for cve_id in sorted_cve_ids:
-                print(cve_id, '=>',
-                      kernel_sec.issue.load(cve_id).get('description', 'None'))
+                description=kernel_sec.issue.load(cve_id).get('description', 'None')
+                wrap_description = ''
+                for line in textwrap.wrap(description, 80, break_long_words=False):
+                    wrap_description += line + '\n  '
+                print(cve_id, '=>',wrap_description)
         else:
             print('%s:' % branch['full_name'], *sorted_cve_ids)
 
-- 
2.25.1


[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5474): https://lists.cip-project.org/g/cip-dev/message/5474
Mute This Topic: https://lists.cip-project.org/mt/77073066/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [cip-dev] [cip-kernel-sec 2/3] report_affected: Delete extra blank lines between CVEs
  2020-09-25  3:59 [cip-dev] improve show-description results Daniel Sangorrin
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 1/3] report_affected: word-wrap for the 'description' Daniel Sangorrin
@ 2020-09-25  3:59 ` Daniel Sangorrin
  2020-10-08  7:59   ` Chen-Yu Tsai (Moxa)
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs Daniel Sangorrin
  2020-09-30  3:29 ` [cip-dev] improve show-description results Chen-Yu Tsai (Moxa)
  3 siblings, 1 reply; 11+ messages in thread
From: Daniel Sangorrin @ 2020-09-25  3:59 UTC (permalink / raw)
  To: sz.lin, ben.hutchings, wens; +Cc: cip-dev


[-- Attachment #1: Type: text/plain, Size: 1007 bytes --]

From: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>

When using the --show-description option CVEs had blank
lines between them. Remove them to make it more compact.

Signed-off-by: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>
---
 scripts/report_affected.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/report_affected.py b/scripts/report_affected.py
index a181d97..9894602 100755
--- a/scripts/report_affected.py
+++ b/scripts/report_affected.py
@@ -141,7 +141,7 @@ def main(git_repo, remotes, only_fixed_upstream,
                 wrap_description = ''
                 for line in textwrap.wrap(description, 80, break_long_words=False):
                     wrap_description += line + '\n  '
-                print(cve_id, '=>',wrap_description)
+                print(cve_id, '=>',wrap_description.strip())
         else:
             print('%s:' % branch['full_name'], *sorted_cve_ids)
 
-- 
2.25.1


[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5473): https://lists.cip-project.org/g/cip-dev/message/5473
Mute This Topic: https://lists.cip-project.org/mt/77073065/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs
  2020-09-25  3:59 [cip-dev] improve show-description results Daniel Sangorrin
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 1/3] report_affected: word-wrap for the 'description' Daniel Sangorrin
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 2/3] report_affected: Delete extra blank lines between CVEs Daniel Sangorrin
@ 2020-09-25  3:59 ` Daniel Sangorrin
  2020-10-08  8:18   ` Chen-Yu Tsai (Moxa)
  2020-09-30  3:29 ` [cip-dev] improve show-description results Chen-Yu Tsai (Moxa)
  3 siblings, 1 reply; 11+ messages in thread
From: Daniel Sangorrin @ 2020-09-25  3:59 UTC (permalink / raw)
  To: sz.lin, ben.hutchings, wens; +Cc: cip-dev


[-- Attachment #1: Type: text/plain, Size: 6404 bytes --]

From: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>

I noticed that some issues have the description field empty
when using the --show-description option.

Signed-off-by: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>
---
 issues/CVE-2016-6213.yml    | 5 ++++-
 issues/CVE-2017-1000364.yml | 5 ++++-
 issues/CVE-2017-1000365.yml | 6 +++++-
 issues/CVE-2017-1000379.yml | 5 ++++-
 issues/CVE-2017-16538.yml   | 5 ++++-
 issues/CVE-2019-15214.yml   | 6 +++++-
 issues/CVE-2019-20794.yml   | 6 +++++-
 issues/CVE-2020-11725.yml   | 8 +++++++-
 8 files changed, 38 insertions(+), 8 deletions(-)

diff --git a/issues/CVE-2016-6213.yml b/issues/CVE-2016-6213.yml
index 31762df..58bf472 100644
--- a/issues/CVE-2016-6213.yml
+++ b/issues/CVE-2016-6213.yml
@@ -1,4 +1,7 @@
-description: ''
+description: |-
+  fs/namespace.c in the Linux kernel before 4.9 does not restrict how many mounts may exist in a mount namespace,
+  which allows local users to cause a denial of service (memory consumption and deadlock) via MS_BIND mount system calls,
+  as demonstrated by a loop that triggers exponential growth in the number of mounts.
 references:
 - http://www.openwall.com/lists/oss-security/2016/07/13/6
 - https://lkml.org/lkml/2016/8/28/269
diff --git a/issues/CVE-2017-1000364.yml b/issues/CVE-2017-1000364.yml
index 8841754..c566c5b 100644
--- a/issues/CVE-2017-1000364.yml
+++ b/issues/CVE-2017-1000364.yml
@@ -1,4 +1,7 @@
-description: ''
+description: |-
+  An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard
+  page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed),
+  this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
 references:
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000364
 - http://www.ubuntu.com/usn/usn-3324-1
diff --git a/issues/CVE-2017-1000365.yml b/issues/CVE-2017-1000365.yml
index 6cbae0b..f87ca53 100644
--- a/issues/CVE-2017-1000365.yml
+++ b/issues/CVE-2017-1000365.yml
@@ -1,4 +1,8 @@
-description: ''
+description: |-
+  The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through
+  RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers
+  into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier.
+  It appears that this feature was introduced in the Linux Kernel version 2.6.23.
 references:
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000365
 - https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
diff --git a/issues/CVE-2017-1000379.yml b/issues/CVE-2017-1000379.yml
index 93258d8..2ae11b1 100644
--- a/issues/CVE-2017-1000379.yml
+++ b/issues/CVE-2017-1000379.yml
@@ -1,4 +1,7 @@
-description: ''
+description: |-
+  The Linux Kernel running on AMD64 systems will sometimes map the contents of PIE executable,
+  the heap or ld.so to where the stack is mapped allowing attackers to more easily manipulate the stack.
+  Linux Kernel version 4.11.5 is affected.
 references:
 - https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000379
diff --git a/issues/CVE-2017-16538.yml b/issues/CVE-2017-16538.yml
index 793db3f..c466041 100644
--- a/issues/CVE-2017-16538.yml
+++ b/issues/CVE-2017-16538.yml
@@ -1,4 +1,7 @@
-description: ''
+description: |-
+  drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service
+  (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device,
+  related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
 references:
 - https://patchwork.linuxtv.org/patch/44566/
 - https://patchwork.linuxtv.org/patch/44567/
diff --git a/issues/CVE-2019-15214.yml b/issues/CVE-2019-15214.yml
index c92091b..cb6006d 100644
--- a/issues/CVE-2019-15214.yml
+++ b/issues/CVE-2019-15214.yml
@@ -1,4 +1,8 @@
-description: ''
+description: |-
+  An issue was discovered in the Linux kernel before 5.0.10.
+  There is a use-after-free in the sound subsystem because
+  card disconnection causes certain data structures to be deleted too early.
+  This is related to sound/core/init.c and sound/core/info.c.
 references:
 - https://syzkaller.appspot.com/bug?id=75903e0021cef79bc434d068b5169b599b2a46a9
 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15214
diff --git a/issues/CVE-2019-20794.yml b/issues/CVE-2019-20794.yml
index 43e3ccf..8f30e12 100644
--- a/issues/CVE-2019-20794.yml
+++ b/issues/CVE-2019-20794.yml
@@ -1,4 +1,8 @@
-description: ''
+description: |-
+  An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed.
+  A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem,
+  if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task,
+  and resources being permanently locked up until system reboot. This can result in resource exhaustion.
 references:
 - https://github.com/sargun/fuse-example
 - https://sourceforge.net/p/fuse/mailman/message/36598753/
diff --git a/issues/CVE-2020-11725.yml b/issues/CVE-2020-11725.yml
index ca2b80d..3cae05d 100644
--- a/issues/CVE-2020-11725.yml
+++ b/issues/CVE-2020-11725.yml
@@ -1,4 +1,10 @@
-description: ''
+description: |-
+  ** DISPUTED ** snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line,
+  which later affects a private_size*count multiplication for unspecified "interesting side effects."
+  NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added
+  that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept.
+  The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE,
+  have been designed to misuse the info->owner field in a safe way.
 references:
 - https://twitter.com/yabbadabbadrew/status/1248632267028582400
 - https://lore.kernel.org/alsa-devel/s5h4ktmlfpx.wl-tiwai@suse.de/
-- 
2.25.1


[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5475): https://lists.cip-project.org/g/cip-dev/message/5475
Mute This Topic: https://lists.cip-project.org/mt/77073076/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [cip-dev] improve show-description results
  2020-09-25  3:59 [cip-dev] improve show-description results Daniel Sangorrin
                   ` (2 preceding siblings ...)
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs Daniel Sangorrin
@ 2020-09-30  3:29 ` Chen-Yu Tsai (Moxa)
  3 siblings, 0 replies; 11+ messages in thread
From: Chen-Yu Tsai (Moxa) @ 2020-09-30  3:29 UTC (permalink / raw)
  To: cip-dev; +Cc: SZ Lin (林上智), Ben Hutchings


[-- Attachment #1: Type: text/plain, Size: 588 bytes --]

Hi,

On Fri, Sep 25, 2020 at 12:00 PM Daniel Sangorrin
<daniel.sangorrin@toshiba.co.jp> wrote:
>
> I had this in the backlog for a long time. These
> patches, improve the way CVEs' descriptions are displayed
> when calling scripts/report_affected.py with the option
> --show-description` enabled.
>
> [1/3] report_affected: word-wrap for the 'description'
> [2/3] report_affected: Delete extra blank lines
> [3/3] issues: fill in the description field of

Thanks for submitting these.

I'll take a look at them next week, after the long weekend here.

ChenYu

> Thanks,
> Daniel
>
>
> 
>

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5482): https://lists.cip-project.org/g/cip-dev/message/5482
Mute This Topic: https://lists.cip-project.org/mt/77073039/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [cip-dev] [cip-kernel-sec 1/3] report_affected: word-wrap for the 'description'
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 1/3] report_affected: word-wrap for the 'description' Daniel Sangorrin
@ 2020-10-08  7:58   ` Chen-Yu Tsai (Moxa)
  0 siblings, 0 replies; 11+ messages in thread
From: Chen-Yu Tsai (Moxa) @ 2020-10-08  7:58 UTC (permalink / raw)
  To: cip-dev; +Cc: SZ Lin (林上智), Ben Hutchings


[-- Attachment #1: Type: text/plain, Size: 2362 bytes --]

On Fri, Sep 25, 2020 at 12:00 PM Daniel Sangorrin
<daniel.sangorrin@toshiba.co.jp> wrote:
>
> From: Nguyen Van Hieu <hieu2.nguyenvan@toshiba.co.jp>
>
> Currently some descriptions are quite long, and it is hard to read.
> Add line-breaks so every line is at most 80 characters long.
>
> Signed-off-by: Nguyen Van Hieu <hieu2.nguyenvan@toshiba.co.jp>
> Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>
> ---
>  scripts/report_affected.py | 8 ++++++--
>  1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/scripts/report_affected.py b/scripts/report_affected.py
> index a97b700..a181d97 100755
> --- a/scripts/report_affected.py
> +++ b/scripts/report_affected.py
> @@ -19,6 +19,7 @@ import kernel_sec.branch
>  import kernel_sec.issue
>  import kernel_sec.version
>
> +import textwrap
>
>  def main(git_repo, remotes, only_fixed_upstream,
>           include_ignored, show_description, *branch_names):
> @@ -136,8 +137,11 @@ def main(git_repo, remotes, only_fixed_upstream,
>          if show_description:
>              print('%s:' % branch['full_name'])
>              for cve_id in sorted_cve_ids:
> -                print(cve_id, '=>',
> -                      kernel_sec.issue.load(cve_id).get('description', 'None'))
> +                description=kernel_sec.issue.load(cve_id).get('description', 'None')
> +                wrap_description = ''
> +                for line in textwrap.wrap(description, 80, break_long_words=False):
> +                    wrap_description += line + '\n  '

I believe it would be better to include the "CVE => " string in the full text
passed to textwrap. That would make all lines properly wrapped at the given
width.

Also, textwrap can handle indentation for subsequent lines, so you don't have
to handle that yourself. And it might be easier to read if they matched up
with the beginning of the description in the first line.

Last, you could use join() to combine the lines.

So I would rewrite the part as:

    text = cve_id + ' => ' +
kernel_sec.issue.load(cve_id).get('description', 'None')
    print('\n'.join(textwrap.wrap(text, 80, subsequent_indent=' ' *
(len(cve_id) + 4), break_long_words=False)))


ChenYu
Moxa


> +                print(cve_id, '=>',wrap_description)
>          else:
>              print('%s:' % branch['full_name'], *sorted_cve_ids)
>
> --
> 2.25.1
>
>
> 
>

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5509): https://lists.cip-project.org/g/cip-dev/message/5509
Mute This Topic: https://lists.cip-project.org/mt/77073066/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [cip-dev] [cip-kernel-sec 2/3] report_affected: Delete extra blank lines between CVEs
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 2/3] report_affected: Delete extra blank lines between CVEs Daniel Sangorrin
@ 2020-10-08  7:59   ` Chen-Yu Tsai (Moxa)
  2020-10-08  8:00     ` Chen-Yu Tsai (Moxa)
  0 siblings, 1 reply; 11+ messages in thread
From: Chen-Yu Tsai (Moxa) @ 2020-10-08  7:59 UTC (permalink / raw)
  To: cip-dev; +Cc: SZ Lin (林上智), Ben Hutchings


[-- Attachment #1: Type: text/plain, Size: 1252 bytes --]

On Fri, Sep 25, 2020 at 12:00 PM Daniel Sangorrin
<daniel.sangorrin@toshiba.co.jp> wrote:
>
> From: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
>
> When using the --show-description option CVEs had blank
> lines between them. Remove them to make it more compact.
>
> Signed-off-by: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
> Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>

Reviewed-by: Chen-Yu Tsai (Moxa) <wens@csie.org>

Though these occurrences seem to be very rare.

> ---
>  scripts/report_affected.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/report_affected.py b/scripts/report_affected.py
> index a181d97..9894602 100755
> --- a/scripts/report_affected.py
> +++ b/scripts/report_affected.py
> @@ -141,7 +141,7 @@ def main(git_repo, remotes, only_fixed_upstream,
>                  wrap_description = ''
>                  for line in textwrap.wrap(description, 80, break_long_words=False):
>                      wrap_description += line + '\n  '
> -                print(cve_id, '=>',wrap_description)
> +                print(cve_id, '=>',wrap_description.strip())
>          else:
>              print('%s:' % branch['full_name'], *sorted_cve_ids)
>
> --
> 2.25.1
>
>
> 
>

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5510): https://lists.cip-project.org/g/cip-dev/message/5510
Mute This Topic: https://lists.cip-project.org/mt/77073065/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [cip-dev] [cip-kernel-sec 2/3] report_affected: Delete extra blank lines between CVEs
  2020-10-08  7:59   ` Chen-Yu Tsai (Moxa)
@ 2020-10-08  8:00     ` Chen-Yu Tsai (Moxa)
  0 siblings, 0 replies; 11+ messages in thread
From: Chen-Yu Tsai (Moxa) @ 2020-10-08  8:00 UTC (permalink / raw)
  To: cip-dev; +Cc: SZ Lin (林上智), Ben Hutchings


[-- Attachment #1: Type: text/plain, Size: 682 bytes --]

On Thu, Oct 8, 2020 at 3:59 PM Chen-Yu Tsai <wens@csie.org> wrote:
>
> On Fri, Sep 25, 2020 at 12:00 PM Daniel Sangorrin
> <daniel.sangorrin@toshiba.co.jp> wrote:
> >
> > From: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
> >
> > When using the --show-description option CVEs had blank
> > lines between them. Remove them to make it more compact.
> >
> > Signed-off-by: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
> > Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>
>
> Reviewed-by: Chen-Yu Tsai (Moxa) <wens@csie.org>
>
> Though these occurrences seem to be very rare.

Jumped the gun. This patch is no longer needed if you use join()
to combine the lines.

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5511): https://lists.cip-project.org/g/cip-dev/message/5511
Mute This Topic: https://lists.cip-project.org/mt/77073065/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs
  2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs Daniel Sangorrin
@ 2020-10-08  8:18   ` Chen-Yu Tsai (Moxa)
  2020-10-14  4:16     ` Daniel Sangorrin
  0 siblings, 1 reply; 11+ messages in thread
From: Chen-Yu Tsai (Moxa) @ 2020-10-08  8:18 UTC (permalink / raw)
  To: cip-dev; +Cc: SZ Lin (林上智), Ben Hutchings


[-- Attachment #1: Type: text/plain, Size: 501 bytes --]

On Fri, Sep 25, 2020 at 12:01 PM Daniel Sangorrin
<daniel.sangorrin@toshiba.co.jp> wrote:
>
> From: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
>
> I noticed that some issues have the description field empty
> when using the --show-description option.
>
> Signed-off-by: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
> Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>

Looks like all the new descriptions were copied from MITRE.

Reviewed-by: Chen-Yu Tsai (Moxa) <wens@csie.org>

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5512): https://lists.cip-project.org/g/cip-dev/message/5512
Mute This Topic: https://lists.cip-project.org/mt/77073076/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs
  2020-10-08  8:18   ` Chen-Yu Tsai (Moxa)
@ 2020-10-14  4:16     ` Daniel Sangorrin
  2020-10-14  4:21       ` Chen-Yu Tsai (Moxa)
  0 siblings, 1 reply; 11+ messages in thread
From: Daniel Sangorrin @ 2020-10-14  4:16 UTC (permalink / raw)
  To: cip-dev; +Cc: sz.lin, ben.hutchings


[-- Attachment #1: Type: text/plain, Size: 1125 bytes --]

Hello Chen-yu,

Thanks for your check.

> -----Original Message-----
> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Chen-Yu Tsai (Moxa)
> Sent: Thursday, October 8, 2020 5:19 PM
> To: cip-dev@lists.cip-project.org
> Cc: SZ Lin (林上智) <sz.lin@moxa.com>; Ben Hutchings <ben.hutchings@codethink.co.uk>
> Subject: Re: [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs
> 
> On Fri, Sep 25, 2020 at 12:01 PM Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp> wrote:
> >
> > From: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
> >
> > I noticed that some issues have the description field empty when using
> > the --show-description option.
> >
> > Signed-off-by: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
> > Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>
> 
> Looks like all the new descriptions were copied from MITRE.
> 
> Reviewed-by: Chen-Yu Tsai (Moxa) <wens@csie.org>

Is there a problem with that?
The MITRE license is included in the COPYING file as far as I know.

Thanks,
Daniel





[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5572): https://lists.cip-project.org/g/cip-dev/message/5572
Mute This Topic: https://lists.cip-project.org/mt/77073076/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

* Re: [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs
  2020-10-14  4:16     ` Daniel Sangorrin
@ 2020-10-14  4:21       ` Chen-Yu Tsai (Moxa)
  0 siblings, 0 replies; 11+ messages in thread
From: Chen-Yu Tsai (Moxa) @ 2020-10-14  4:21 UTC (permalink / raw)
  To: cip-dev; +Cc: SZ Lin (林上智), Ben Hutchings


[-- Attachment #1: Type: text/plain, Size: 1329 bytes --]

On Wed, Oct 14, 2020 at 12:16 PM Daniel Sangorrin
<daniel.sangorrin@toshiba.co.jp> wrote:
>
> Hello Chen-yu,
>
> Thanks for your check.
>
> > -----Original Message-----
> > From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Chen-Yu Tsai (Moxa)
> > Sent: Thursday, October 8, 2020 5:19 PM
> > To: cip-dev@lists.cip-project.org
> > Cc: SZ Lin (林上智) <sz.lin@moxa.com>; Ben Hutchings <ben.hutchings@codethink.co.uk>
> > Subject: Re: [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs
> >
> > On Fri, Sep 25, 2020 at 12:01 PM Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp> wrote:
> > >
> > > From: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
> > >
> > > I noticed that some issues have the description field empty when using
> > > the --show-description option.
> > >
> > > Signed-off-by: nguyen van hieu <hieu2.nguyenvan@toshiba.co.jp>
> > > Signed-off-by: Daniel Sangorrin <daniel.sangorrin@toshiba.co.jp>
> >
> > Looks like all the new descriptions were copied from MITRE.
> >
> > Reviewed-by: Chen-Yu Tsai (Moxa) <wens@csie.org>
>
> Is there a problem with that?
> The MITRE license is included in the COPYING file as far as I know.

Not at all. I'm merely stating that the descriptions match a known source.

ChenYu

[-- Attachment #2: Type: text/plain, Size: 420 bytes --]


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#5573): https://lists.cip-project.org/g/cip-dev/message/5573
Mute This Topic: https://lists.cip-project.org/mt/77073076/4520388
Group Owner: cip-dev+owner@lists.cip-project.org
Unsubscribe: https://lists.cip-project.org/g/cip-dev/leave/8129055/727948398/xyzzy [cip-dev@archiver.kernel.org]
-=-=-=-=-=-=-=-=-=-=-=-


^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, back to index

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-09-25  3:59 [cip-dev] improve show-description results Daniel Sangorrin
2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 1/3] report_affected: word-wrap for the 'description' Daniel Sangorrin
2020-10-08  7:58   ` Chen-Yu Tsai (Moxa)
2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 2/3] report_affected: Delete extra blank lines between CVEs Daniel Sangorrin
2020-10-08  7:59   ` Chen-Yu Tsai (Moxa)
2020-10-08  8:00     ` Chen-Yu Tsai (Moxa)
2020-09-25  3:59 ` [cip-dev] [cip-kernel-sec 3/3] issues: fill in the description field of remaining CVEs Daniel Sangorrin
2020-10-08  8:18   ` Chen-Yu Tsai (Moxa)
2020-10-14  4:16     ` Daniel Sangorrin
2020-10-14  4:21       ` Chen-Yu Tsai (Moxa)
2020-09-30  3:29 ` [cip-dev] improve show-description results Chen-Yu Tsai (Moxa)

CIP-dev Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/cip-dev/0 cip-dev/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 cip-dev cip-dev/ https://lore.kernel.org/cip-dev \
		cip-dev@lists.cip-project.org
	public-inbox-index cip-dev

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.cip-project.lists.cip-dev


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git