Author: Federico Quattrin
Author Date: 2026-03-06 22:24:44 UTC

Merge remote-tracking branch 'mrmajumder/assign-go-git-to-mrmajumder'

Author: John Breton
Author Date: 2026-02-27 19:42:31 UTC

Switch to a pure-python debian version comparison

I believe the performance issues were related to spawning
various subprocesses when comparing Versions, which in
hindsight wasn't ideal. This commit ports lib/dpkg/version.c
into pure Python, which should give the same performance
benefits of apt_pkg without relying on its import

Additionally, fixed a small in USN.get_cveS_affecting_release(),
when looking back over the code I noticed the conditional here
were not matching what was previously implemented. I've re-added
a fast-path for `'regression' in self.title` to handle regression
USNs. I also combined two checks that were incorrectly being used
(the first elif was dead-code and would never trigger) and adapted
it to make use of version matching across a list of tuples.

Finally, I attempted to fix test/test_subproject_cve_creation.py. I
*think* this just requires the creation of $UCT/meta_lists/subprojects.json
where $UCT is the tmp testing directory created for this test.
Fingers crossed that fixes it.

Signed-off-by: John Breton <john.breton@canonical.com>

Author: Paulo Flabiano Smorigo
Author Date: 2026-01-15 14:45:04 UTC

scripts/generate_pkg_cache.py: Add a counter to check the progress if debug is on

Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>

Author: Vyom Yadav
Author Date: 2026-01-09 15:08:18 UTC

Report per package missing package_info_overrides entries

Signed-off-by: Vyom Yadav <vyom.yadav@canonical.com>

Author: Rodrigo Figueiredo Zaiden
Author Date: 2025-12-18 12:57:54 UTC

s/check-cves: skip kernel pkg when debian is not-affected

 for upstream entry based on debian skip kernel pkg ('linux') to avoid
 things like:
   upstream_linux: not-affected (debian: Vulnerable code not present)
 as for the kernel pkg upstream is kernel.org and the autotriage bot
 does its job updating this entry.

Signed-off-by: Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com>

Author: Nick Galanis
Author Date: 2025-10-21 13:44:28 UTC

Change logic for filtering subproject releases

Signed-off-by: Nick Galanis <nick.galanis@canonical.com>

Author: Nick Galanis
Author Date: 2025-10-16 13:18:21 UTC

usn tooling: Ignore empty archs, temp fix for amd64v3 in questing

Signed-off-by: Nick Galanis <nick.galanis@canonical.com>

Author: John Breton
Author Date: 2025-06-04 14:20:10 UTC

Revise check-syntax check to be smarter

Now it only checks UCT CVEs by looking to see
if the release is in uct_required_releases, which
is what I should have done from the start .-.

Signed-off-by: John Breton <john.breton@canonical.com>

Author: Diogo Sousa
Author Date: 2024-06-12 12:58:25 UTC

Add CVE-2002-0367, CVE-2004-0210, CVE-2004-1464 to ignored

These CVEs are referenced in KEV but were not present in
our tracker

Added at the top to keep with rough chronological order

Author: Diogo Sousa
Author Date: 2024-04-30 17:19:08 UTC

Updated the esm_expires field in Trusty to reflect Legacy Support

Author: Mark Esler
Author Date: 2024-03-15 05:37:56 UTC

check-cves: deprecate optparse for argparse

Author: Marc Deslauriers
Author Date: 2024-02-16 15:33:55 UTC

check-syntax: remove bogus line numbers now that check-syntax-fixup is gone

Author: Leonidas S. Barbosa
Author Date: 2022-04-04 09:57:04 UTC

Adding special-ppa flag in order to handle ppas that are special for us and we want to adress, like ~canonical-chromium-browser

Author: Alex Burrage
Author Date: 2022-03-23 18:11:42 UTC

Update to guidelines in README regarding 'ignored' status

Author: Paulo Flabiano Smorigo
Author Date: 2021-02-10 23:10:15 UTC

scripts/sis-generate-usn: Add PUBLISH flag

Signed-off-by: Paulo Flabiano Smorigo <pfsmorigo@canonical.com>

Author: Mike Salvatore
Author Date: 2020-11-24 11:14:36 UTC

Add descriptions to ESM experimental -> public migration scripts

Author: Mike Salvatore
Author Date: 2020-08-26 17:29:02 UTC

Minor refactor and bugfix of code to publish CVEs to new web API

Author: Joy Latten
Author Date: 2020-04-08 23:20:15 UTC

The ignored_package_fields and ignored_releases were being ignored.

When running the scripts,
WARNING: Unknown package field "Patches" in Patches_ruby2.1 in "././active/CVE-2019-8324"
WARNING: Unknown package field "upstream" in upstream_ruby2.1 in "././active/CVE-2019-8324"

Author: Joy Latten
Author Date: 2020-03-03 21:03:19 UTC

Add GPLv3 to the generated OVAL.

Author: Alex Murray
Author Date: 2019-09-19 13:07:47 UTC

cve.vim: Make vim cve syntax snap aware

Author: Emilia Torino
Author Date: 2019-08-29 23:29:47 UTC

updating help

Author: Alex Murray
Author Date: 2019-08-27 04:33:54 UTC

html_export.py: Make Notes: contents more readable

We do this by formatting as a table using the now-structured Notes data
from cve_lib.py

Author: Emilia Torino
Author Date: 2019-07-29 19:14:45 UTC

improving output message