madisongh / kernel-cve-tool
Tool for reviewing CVE patches in a downstream Linux kernel
License: MIT License
This conversion to integer fails on tags such as v5.10.106-rt64
(which comes from the linux-stable-rt.git repository).
One possible solution is to just ignore the extra suffix:
sublevel = int(re.split('[-.]', tag)[2])
Another potential idea would be to let git sort the tags, and then just take the last one:
git tag -l --sort=version:refname v{}.{}.*
kernel-cve-tool/kernel_cve_tool/scripts/kernel_cve_tool.py
Lines 126 to 127 in eb177ab
I found a case where the above grep pattern (for the subject) results in the CVE being reported as fixed, when in fact it is not fixed. The result differs from what www.linuxkernelcves.com reports for the same CVE.
When analysing the stable-5.10.y kernel, the issue shows up for CVE-2021-4037.
The problem arises because the commit message for (2) includes the subject line of commit (1), even though (2) does not fix (1). So git log --grep matches and the CVE is classified as Fixed, when it should be Unfixed.
I am not sure how common this situation is, but I figured I'd report it. Perhaps the intention was to search only the subject lines?
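The misclassification reported in this issue, reproduced on constructed commit messages. This is an added example, not code from kernel-cve-tool or from the issue; the subject text, short hashes and function names are made up for illustration.

```python
import re

# Hypothetical subject line of the upstream commit that fixes the CVE.
FIX_SUBJECT = "fs: fix widget permission check"

# Constructed branch history: (short sha, full commit message). Not real kernel commits.
# The first commit only mentions the fix's subject in its body; it is not the fix.
LOG_WITHOUT_FIX = [
    ("a1b2c3d", "fs: rework widget locking\n\n"
                'Follow-up to commit 1111111 ("fs: fix widget permission check"),\n'
                "which is not part of this branch.\n"),
    ("d4e5f6a", "net: unrelated cleanup\n\nNo functional change.\n"),
]

# Same history plus a real backport, which keeps the upstream subject as its first line.
LOG_WITH_FIX = LOG_WITHOUT_FIX + [
    ("0f9e8d7", "fs: fix widget permission check\n\nBackport of the fix.\n"),
]


def grep_whole_message(log, subject):
    """Match like `git log --grep=<subject>`: anywhere in the commit message."""
    pattern = re.compile(re.escape(subject))
    return [sha for sha, message in log if pattern.search(message)]


def match_subject_only(log, subject):
    """Match only when the first line of the message is exactly the subject."""
    return [sha for sha, message in log
            if message.split("\n", 1)[0].strip() == subject]


def classify(log, subject, matcher):
    """Report 'Fixed' if the matcher finds any commit, otherwise 'Unfixed'."""
    return "Fixed" if matcher(log, subject) else "Unfixed"


if __name__ == "__main__":
    for name, log in (("without fix", LOG_WITHOUT_FIX), ("with fix", LOG_WITH_FIX)):
        print(name,
              "| whole message:", classify(log, FIX_SUBJECT, grep_whole_message),
              "| subject only:", classify(log, FIX_SUBJECT, match_subject_only))
```

Against a real repository the subject-only comparison can be fed from `git log --format='%h %s'`, which prints just the abbreviated hash and subject of each commit.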