Cannot attach currently-unknown CVEs via linkCVE()

Bug #439470 reported by Kees Cook
This bug affects 3 people
Affects: Launchpad itself
Status: In Progress
Importance: Low
Assigned to: Simon Quigley

Bug Description

In the API, the linkCVE() routine does not allow adding as-yet-unknown CVEs to a bug. This is very handy to have when assigning CVEs, or when work is happening on a CVE faster than Malone reads the CVE list from Mitre. As a work-around, you can force it to take a CVE if you put CVE-YYYY-NNNN into newMessage(), so I would just like to see the linkCVE() checks relaxed.

(This is likely related to bug 66877.)

Kees Cook (kees)
tags: added: api
Graham Binns (gmb) wrote :

I think a better solution would be to make linkCVE either automatically create new CVE records when passed as-yet-unknown ones, or accept a parameter, create_if_unknown, which tells it to do that (so the default API remains unchanged).

Changed in malone:
importance: Undecided → Medium
status: New → Triaged
Kees Cook (kees)
tags: added: platform-want
Curtis Hovey (sinzui)
Changed in launchpad:
importance: Medium → Low
Seth Arnold (seth-arnold) wrote :

Note that the CVE format has changed to allow CVE-YYYY-N{4,7}: https://cve.mitre.org/cve/identifiers/syntaxchange.html

Thanks

Colin Watson (cjwatson) wrote :

Seth: Launchpad was fixed to account for that syntax change in March 2014.

Simon Quigley (tsimonq2)
Changed in launchpad:
status: Triaged → In Progress
assignee: nobody → Simon Quigley (tsimonq2)
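
A sketch of the opt-in behaviour proposed in the thread (create_if_unknown), using the identifier syntax cited there. This is an added example, not Launchpad code: the Tracker class, link_cve, UnknownCVE and the stored "YYYY-NNNN" form are hypothetical, and the sample record is constructed.

```python
import re

# Syntax as quoted in the thread: CVE-YYYY-N{4,7} (the "CVE-" prefix is optional here).
CVE_RE = re.compile(r"(?:CVE-)?(\d{4})-(\d{4,7})", re.IGNORECASE)


class UnknownCVE(LookupError):
    """The identifier is well-formed but no record exists yet."""


def normalize_sequence(text):
    """Return 'YYYY-NNNN' for a well-formed CVE id, else raise ValueError."""
    m = CVE_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a CVE identifier: {text!r}")
    return f"{m.group(1)}-{m.group(2)}"


class Tracker:
    """Hypothetical in-memory stand-in for the CVE table and bug links."""

    def __init__(self, known):
        # sequence -> description (constructed sample data)
        self.cves = {normalize_sequence(s): d for s, d in known.items()}
        self.links = {}  # bug id -> set of linked sequences

    def link_cve(self, bug_id, cve, create_if_unknown=False):
        seq = normalize_sequence(cve)  # syntax is checked in both modes
        if seq not in self.cves:
            if not create_if_unknown:
                raise UnknownCVE(seq)  # default stays as reported: reject
            # Placeholder record; a later feed import would fill it in.
            self.cves[seq] = None
        self.links.setdefault(bug_id, set()).add(seq)
        return seq


def demo():
    t = Tracker({"CVE-2009-0001": "constructed sample record"})
    results = [t.link_cve(1, "CVE-2009-0001")]
    try:
        t.link_cve(1, "CVE-2009-99999")
    except UnknownCVE:
        results.append("rejected")
    results.append(t.link_cve(1, "cve-2009-99999", create_if_unknown=True))
    return results, t


if __name__ == "__main__":
    print(demo()[0])
```

Validating the syntax before creating a placeholder keeps the opt-in path from storing arbitrary strings as CVE records.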