From 443c10018cb1e33cd6a054c32eb62881f1dcfca2 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Wed, 24 Jan 2024 13:37:20 -0500 Subject: Update advisory format and introduce some automation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Simplify the advisory format by dropping the -Backport tags and instead stick to using just the -Commit tags. To identify backports, put a substring of git-describe into the release version in the brackets next to the commit ref. This way, it not only identifies that the fix (or regression) is on the release/2.YY/master branch, it also disambiguates regressions/fixes in the branch from those in the tarball. Add a README to make it easier for consumers to understand the format. Additionally, the Release wiki needs to be updated to inform the release manager to: 1. Generate a NEWS snipped from the advisories directory AND 2. on release/2.YY/master, replace the advisories directory with a text file pointing to the advisories directory in master so that we don't have to update multiple locations. Signed-off-by: Siddhesh Poyarekar Reviewed-by: Andreas K. Hüttel --- advisories/GLIBC-SA-2023-0005 | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) (limited to 'advisories/GLIBC-SA-2023-0005') diff --git a/advisories/GLIBC-SA-2023-0005 b/advisories/GLIBC-SA-2023-0005 index a518af803a..cc4eb90b82 100644 --- a/advisories/GLIBC-SA-2023-0005 +++ b/advisories/GLIBC-SA-2023-0005 @@ -6,15 +6,13 @@ flags set. CVE-Id: CVE-2023-5156 Public-Date: 2023-09-25 -Vulnerable-Commit: 973fe93a5675c42798b2161c6f29c01b0e243994 (pre-2.39) -Fix-Commit: ec6b95c3303c700eb89eebeda2d7264cc184a796 (2.39) -Vulnerable-Backport: e09ee267c03e3150c2c9ba28625ab130705a485e (2.34) -Vulnerable-Backport: e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35) -Vulnerable-Backport: a9728f798ec7f05454c95637ee6581afaa9b487d (2.36) -Vulnerable-Backport: 6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37) -Vulnerable-Backport: 00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38) -Fix-Backport: 8006457ab7e1cd556b919f477348a96fe88f2e49 (2.34) -Fix-Backport: 17092c0311f954e6f3c010f73ce3a78c24ac279a (2.35) -Fix-Backport: 856bac55f98dc840e7c27cfa82262b933385de90 (2.36) -Fix-Backport: 4473d1b87d04b25cdd0e0354814eeaa421328268 (2.37) -Fix-Backport: 5ee59ca371b99984232d7584fe2b1a758b4421d3 (2.38) +Vulnerable-Commit: e09ee267c03e3150c2c9ba28625ab130705a485e (2.34-420) +Vulnerable-Commit: e3ccb230a961b4797510e6a1f5f21fd9021853e7 (2.35-270) +Vulnerable-Commit: a9728f798ec7f05454c95637ee6581afaa9b487d (2.36-115) +Vulnerable-Commit: 6529a7466c935f36e9006b854d6f4e1d4876f942 (2.37-39) +Vulnerable-Commit: 00ae4f10b504bc4564e9f22f00907093f1ab9338 (2.38-20) +Fix-Commit: 8006457ab7e1cd556b919f477348a96fe88f2e49 (2.34-421) +Fix-Commit: 17092c0311f954e6f3c010f73ce3a78c24ac279a (2.35-272) +Fix-Commit: 856bac55f98dc840e7c27cfa82262b933385de90 (2.36-116) +Fix-Commit: 4473d1b87d04b25cdd0e0354814eeaa421328268 (2.37-42) +Fix-Commit: 5ee59ca371b99984232d7584fe2b1a758b4421d3 (2.38-24) -- cgit 1.4.1