Cannot attach currently-unknown CVEs via linkCVE()

Bug #439470 reported by Kees Cook on 2009-09-30
22
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Low
Simon Quigley

Bug Description

In the API, the linkCVE() routine does not allow adding as-yet-unknown CVEs to a bug. This is very handy to have when assigning CVEs, or when work is happening on a CVE faster than Malone reads the CVE list from Mitre. As a work-around, you can force it to take a CVE if you put CVE-YYYY-NNNN into newMessage(), so I would just like to see the linkCVE() checks relaxed.

(This is likely related to bug 66877.)

Kees Cook (kees) on 2009-09-30
tags: added: api
Graham Binns (gmb) wrote :

I think a better solution would be to make linkCVE either automatically create new CVE records when passed as-yet-unknown ones, or accept a parameter, create_if_unknown, which tells it to do that (so the default API remains unchanged).

Changed in malone:
importance: Undecided → Medium
status: New → Triaged
Kees Cook (kees) on 2009-10-20
tags: added: platform-want
Curtis Hovey (sinzui) on 2011-10-01
Changed in launchpad:
importance: Medium → Low
Seth Arnold (seth-arnold) wrote :

Note that the CVE format has changed to allow CVE-YYYY-N{4,7}: https://cve.mitre.org/cve/identifiers/syntaxchange.html

THanks

Colin Watson (cjwatson) wrote :

Seth: Launchpad was fixed to account for that syntax change in March 2014.

Simon Quigley (tsimonq2) on 2017-10-01
Changed in launchpad:
status: Triaged → In Progress
assignee: nobody → Simon Quigley (tsimonq2)
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers