Age | Commit message (Collapse) | Author |
|
|
|
This page contains most information that may be found on 3rd party
sites about a particular CVE, but with the benefit of being hosted
on the PostgreSQL infrastructure.
This does require inserting the CVE description into the website,
which will include backporting the CVE descriptions throughout
many existing CVEs, but the added benefit is that this information
is available when we publish a release, vs. waiting for a 3rd party
to publish the info.
This patch also adds sitemap indexing for each of the CVE entries,
and ensures the top-level CVE URL is in the sitemap.
|
|
This allows the method to be repurposed in additional parts of
the pgweb codebase.
|
|
The current validator stopped after 5 digits, whereas there can
be an arbitrary amount. However, the MITRE docs appear to stop at
7, so this seems like a sane cut-off, until it's not[1].
[1] https://cve.mitre.org/cve/identifiers/syntaxchange.html#new
|
|
This is the backwards compatible value that will be needed once we
upgrade django later.
|
|
Pointed out by newer versions of pep8, but they were never correct.
|
|
In a quest to reach pep8, use spaces to indent rather than tabs.
|
|
This way new CVEs that are added will start off being listed, but not
with a link. When upstream (currently redhat) publishes the CVE, a
cronjob will pick this up and update it with a link.
Of course, we still only show CVEs that are listed as public, but this
should hopefully get rid of some of the questions of why we link to a
404.
|
|
This finally moves the patches into the db, which makes it a lot easier
to filter patches in the views.
It also adds the new way of categorising patches, which is assigning
them a CVSSv3 score.
For now, there are no public views to this, and the old static pages
remain. This is so we can backfill all existing security patches before
we make it public.
|