launchpad-reviewers team mailing list archive
Message #33060
[Merge] ~ines-almeida/launchpad:svt-move-test-files into launchpad:master
Ines Almeida has proposed merging ~ines-almeida/launchpad:svt-move-test-files into launchpad:master with ~ines-almeida/launchpad:svt-refactor-exports as a prerequisite.
Commit message:
Move UCT test files to make directory consistent
This makes it so that SOSS and UCT records have their own tests in separate directories.
Requested reviews:
Launchpad code reviewers (launchpad-reviewers)
For more details, see:
https://code.launchpad.net/~ines-almeida/launchpad/+git/launchpad/+merge/493467
This is just a file move with no other change. All tests in bugs/scripts/tests passed.
--
Your team Launchpad code reviewers is requested to review the proposed merge of ~ines-almeida/launchpad:svt-move-test-files into launchpad:master.
diff --git a/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2007-0255 b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2007-0255
new file mode 100644
index 0000000..db2403d
--- /dev/null
+++ b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2007-0255
@@ -0,0 +1,61 @@
+PublicDate: 2007-01-16 23:28:00 UTC
+Candidate: CVE-2007-0255
+References:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0255
+ http://xine.sourceforge.net/security
+Description:
+ XINE 0.99.4 allows user-assisted remote attackers to cause a denial of
+ service (application crash) and possibly execute arbitrary code via a
+ certain M3U file that contains a long #EXTINF line and contains format
+ string specifiers in an invalid udp:// URI, possibly a variant of
+ CVE-2007-0017.
+Ubuntu-Description:
+Notes:
+ sbeattie> issue is unlisted on xine upstream website
+Priority: medium
+Bugs:
+Discovered-by:
+Assigned-to:
+CVSS:
+
+Patches_xine-ui:
+upstream_xine-ui: needs-triage
+dapper_xine-ui: ignored (reached end-of-life)
+edgy_xine-ui: needed (reached end-of-life)
+feisty_xine-ui: needed (reached end-of-life)
+gutsy_xine-ui: needed (reached end-of-life)
+hardy_xine-ui: ignored (reached end-of-life)
+intrepid_xine-ui: needed (reached end-of-life)
+jaunty_xine-ui: ignored (reached end-of-life)
+karmic_xine-ui: ignored (reached end-of-life)
+lucid_xine-ui: ignored (reached end-of-life)
+maverick_xine-ui: ignored (reached end-of-life)
+natty_xine-ui: ignored (reached end-of-life)
+oneiric_xine-ui: ignored (reached end-of-life)
+precise_xine-ui: ignored (reached end-of-life)
+precise/esm_xine-ui: DNE (precise was needed)
+quantal_xine-ui: ignored (reached end-of-life)
+raring_xine-ui: ignored (reached end-of-life)
+saucy_xine-ui: ignored (reached end-of-life)
+trusty_xine-ui: ignored (reached end-of-life)
+trusty/esm_xine-ui: DNE (trusty was needed)
+utopic_xine-ui: ignored (reached end-of-life)
+vivid_xine-ui: ignored (reached end-of-life)
+vivid/stable-phone-overlay_xine-ui: DNE
+vivid/ubuntu-core_xine-ui: DNE
+wily_xine-ui: ignored (reached end-of-life)
+xenial_xine-ui: ignored (end of standard support, was needed)
+yakkety_xine-ui: ignored (reached end-of-life)
+zesty_xine-ui: ignored (reached end-of-life)
+artful_xine-ui: ignored (reached end-of-life)
+bionic_xine-ui: needed
+cosmic_xine-ui: ignored (reached end-of-life)
+disco_xine-ui: ignored (reached end-of-life)
+eoan_xine-ui: ignored (reached end-of-life)
+focal_xine-ui: needed
+groovy_xine-ui: ignored (reached end-of-life)
+hirsute_xine-ui: ignored (reached end-of-life)
+impish_xine-ui: ignored (reached end-of-life)
+jammy_xine-ui: needed
+kinetic_xine-ui: needed
+devel_xine-ui: needed
\ No newline at end of file
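Review bot: This sample file is added as a brand-new file ("new file mode 100644", "--- /dev/null"), as are the other sampledata files below, whereas test_uct.py and test_uctimport.py appear as 100% renames, so nothing in this diff removes the copies at the previous location. Please confirm the originals are deleted in the svt-refactor-exports prerequisite; otherwise the fixtures end up duplicated and can drift apart. Moving them with git mv would make them show up as renames and keep the "no other change" claim checkable from the diff itself.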
diff --git a/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-23222 b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-23222
new file mode 100644
index 0000000..8c8a836
--- /dev/null
+++ b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-23222
@@ -0,0 +1,47 @@
+PublicDateAtUSN: 2022-01-14 08:15:00 UTC
+Candidate: CVE-2022-23222
+PublicDate: 2022-01-14 08:15:00 UTC
+References:
+ https://ubuntu.com/security/notices/USN-5368-1
+Description:
+ kernel/bpf/verifier.c in the Linux kernel through 5.15.14 allows local
+ users to gain privileges because of the availability of pointer arithmetic
+ via certain *_OR_NULL pointer types.
+Ubuntu-Description:
+ It was discovered that the BPF verifier in the Linux kernel did not
+ properly restrict pointer types in certain situations. A local attacker
+ could use this to cause a denial of service (system crash) or possibly
+ execute arbitrary code.
+Notes:
+ sbeattie> Ubuntu 21.10 / 5.13+ kernels disable unprivileged BPF by default.
+ kernels 5.8 and older are not affected, priority high is for
+ 5.10 and 5.11 based kernels only
+Mitigation:
+ seth-arnold> set kernel.unprivileged_bpf_disabled to 1
+Bugs:
+ https://github.com/mm2/Little-CMS/issues/29
+ https://github.com/mm2/Little-CMS/issues/30
+ https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745471
+Priority: critical
+Discovered-by: tr3e wang
+Assigned-to:
+Tags: cisa-kev
+CVSS:
+ nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [7.8 HIGH]
+
+Patches_linux:
+ break-fix: 457f44363a8894135c85b7a9afd2bd8196db24ab c25b2ae136039ffa820c26138ed4a5e5f3ab3841|local-CVE-2022-23222-fix
+ upstream: https://github.com/389ds/389-ds-base/commit/58dbf084a63e6dbbd999bf6a70475fad8255f26a (1.4.4)
+ upstream: https://github.com/389ds/389-ds-base/commit/2e5b526012612d1d6ccace46398bee679a730271
+upstream_linux: released (5.17~rc1)
+impish_linux: released (5.13.0-37.42)
+devel_linux: not-affected (5.15.0-25.25)
+Priority_linux_impish: medium
+Priority_linux_devel: medium
+Tags_linux: not-ue
+
+Patches_linux-hwe:
+upstream_linux-hwe: released (5.17~rc1)
+impish_linux-hwe: DNE
+devel_linux-hwe: DNE
+Priority_linux-hwe: high
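Review bot: The Bugs entries (two Little-CMS issues and a Debian bug) and the two "upstream:" patch URLs (389-ds-base commits) in this fixture do not belong to the kernel BPF verifier issue in the Description, and "Priority: critical" sits next to an NVD score of 7.8 HIGH. That is fine for parser coverage and should not be changed in a pure move, but since the fixtures now get their own uct/tests/sampledata directory, a short README there stating that the records are synthetic test inputs and not accurate CVE data would stop anyone from reading them as real tracker state.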
diff --git a/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-3219 b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-3219
new file mode 100644
index 0000000..14aaa73
--- /dev/null
+++ b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2022-3219
@@ -0,0 +1,43 @@
+Candidate: CVE-2022-3219
+PublicDate: 2022-09-28
+References:
+ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3219
+ https://access.redhat.com/security/cve/CVE-2022-3219
+ https://marc.info/?l=oss-security&m=165696590211434&w=4
+Description:
+ gnupg: denial of service issue (resource consumption) using compressed
+ packets
+Ubuntu-Description:
+Notes:
+ mdeslaur> per the upstream gnupg bug, the change will not be applied
+ mdeslaur> as of 2022-09-28, proposed patch has not been accepted by
+ mdeslaur> upstream developers
+Mitigation:
+Bugs:
+ https://dev.gnupg.org/T5993
+Priority: low
+Discovered-by:
+Assigned-to:
+CVSS:
+
+Patches_gnupg:
+upstream_gnupg: needs-triage
+esm-infra/xenial_gnupg: deferred (2022-09-28)
+trusty_gnupg: ignored (out of standard support)
+xenial_gnupg: ignored (out of standard support)
+bionic_gnupg: DNE
+focal_gnupg: DNE
+jammy_gnupg: DNE
+trusty/esm_gnupg: deferred (2022-09-28)
+
+Patches_gnupg2:
+ other: https://dev.gnupg.org/D556
+upstream_gnupg2: needs-triage
+esm-infra/xenial_gnupg2: deferred (2022-09-28)
+trusty_gnupg2: ignored (out of standard support)
+xenial_gnupg2: ignored (end of standard support)
+bionic_gnupg2: deferred (2022-09-28)
+focal_gnupg2: deferred (2022-09-28)
+jammy_gnupg2: deferred (2022-09-28)
+kinetic_gnupg2: deferred (2022-09-28)
+devel_gnupg2: deferred (2022-09-28)
\ No newline at end of file
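Review bot: This file ends without a trailing newline after "devel_gnupg2: deferred (2022-09-28)", as does CVE-2007-0255, while CVE-2022-23222 and CVE-2023-32637 end with one. If the tests compare parsed or re-exported records byte for byte against these files, keep them exactly as they are for this move; if not, normalise the endings in a separate follow-up commit so that editors and linters do not silently rewrite the fixtures later.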
diff --git a/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2023-32637 b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2023-32637
new file mode 100644
index 0000000..8b88352
--- /dev/null
+++ b/lib/lp/bugs/scripts/uct/tests/sampledata/CVE-2023-32637
@@ -0,0 +1,28 @@
+Candidate: CVE-2023-32637
+PublicDate: 2023-07-25 06:15:00 UTC
+References:
+ https://jvn.jp/en/jp/JVN35897618/
+ https://jbrowse.org/jb2/
+ http://gmod.org/wiki/GBrowse
+ https://www.cve.org/CVERecord?id=CVE-2023-32637
+Description:
+ GBrowse accepts files with any formats uploaded and places them in the area
+ accessible through unauthenticated web requests. Therefore, anyone who can
+ upload files through the product may execute arbitrary code on the server.
+Ubuntu-Description:
+Notes:
+ ccdm94> this has likely been fixed in all 2.x versions.
+Bugs:
+Priority: high
+ This has a high priority because it is a vulnerability that allows a remote
+ attacker to execute code in a machine, and it looks to be easily exploitable
+ given that it involves regular functionalities provided by the application.
+Discovered-by:
+Assigned-to:
+CVSS:
+ nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]
+
+Patches_gbrowse:
+upstream_gbrowse: released (2.56+dfsg-1)
+trusty_gbrowse: ignored (end of standard support)
+xenial_gbrowse: ignored (end of standard support)
diff --git a/lib/lp/bugs/scripts/tests/test_uct.py b/lib/lp/bugs/scripts/uct/tests/test_uct.py
similarity index 100%
rename from lib/lp/bugs/scripts/tests/test_uct.py
rename to lib/lp/bugs/scripts/uct/tests/test_uct.py
diff --git a/lib/lp/bugs/scripts/tests/test_uctimport.py b/lib/lp/bugs/scripts/uct/tests/test_uctimport.py
similarity index 100%
rename from lib/lp/bugs/scripts/tests/test_uctimport.py
rename to lib/lp/bugs/scripts/uct/tests/test_uctimport.py
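Review bot: Both test modules move with "similarity index 100%", so whatever path they use to load sampledata is unchanged; please confirm it is resolved relative to the test file's own directory and now points at uct/tests/sampledata. The diff also shows no __init__.py for lib/lp/bugs/scripts/uct/tests/, so check that the prerequisite branch provides one, otherwise the runner may not discover these modules. The description says the tests in bugs/scripts/tests passed; it would help to state that the run also covered the new bugs/scripts/uct/tests path, since a run over the old directory alone would pass without executing the moved tests.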