OSVDB - comes to CVE since OSVDB is dead
jasnow opened this issue · comments
Since the following OSVDB files have a "cve:" field, do you want their filenames to be renamed as "CVE-" ...?
* gems/actionpack/OSVDB-100524.yml
* gems/actionpack/OSVDB-100525.yml
* gems/actionpack/OSVDB-100526.yml
* gems/actionpack/OSVDB-100527.yml
* gems/actionpack/OSVDB-100528.yml
* gems/actionpack/OSVDB-74616.yml
* gems/actionpack/OSVDB-77199.yml
* gems/activerecord/OSVDB-88661.yml
* gems/i18n/OSVDB-100528.yml
* gems/open-uri-cached/OSVDB-121701.yml
* gems/passenger/OSVDB-90738.yml
* gems/sidekiq/OSVDB-125676.yml
* gems/sidekiq-pro/OSVDB-126331.yml
* gems/spree_auth_devise/OSVDB-90865.yml
* gems/spree_auth/OSVDB-90865.yml
* gems/spree/OSVDB-69098.yml
* gems/spree/OSVDB-81505.yml
* gems/spree/OSVDB-81506.yml
* gems/spree/OSVDB-90865.yml
* gems/spree/OSVDB-91216.yml
* gems/spree/OSVDB-91217.yml
* gems/spree/OSVDB-91218.yml
* gems/spree/OSVDB-91219.yml
* gems/twitter-bootstrap-rails/OSVDB-109206.yml
Is the rule for filename naming: "Use CVE prefix if "cve:" field is known, then if "osvdb:" field is known, then if "ghsa:" field is known"?
The test code does not check for the above rule.
Thanks.
Let's rename all `OSVDB-` files to their `CVE-` equivalents, since OSVDB is no more.
> Let's rename all `OSVDB-` files to their `CVE-` equivalents, since OSVDB is no more.
Assuming they have a CVE.
@jasnow correct. Any `OSVDB-` files lacking a `cve:` should stay the same.
3 Duplicates:
fatal: destination exists, source=gems/spree/OSVDB-91219.yml, destination=gems/spree/CVE-2013-1656.yml
fatal: destination exists, source=gems/spree/OSVDB-91218.yml, destination=gems/spree/CVE-2013-1656.yml
fatal: destination exists, source=gems/spree/OSVDB-91216.yml, destination=gems/spree/CVE-2013-1656.yml
It looks like those three remaining OSVDB advisories all reference the same vulnerability, but just point to different locations within the spree source code. I think it's safe to merge them into one CVE-2013-1656 advisory and use the description from CVE-2013-1656.
Will merge all 4 into 1.
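
The rule agreed in this thread (rename `OSVDB-` files that have a `cve:` field, keep the rest, and merge by hand when several files map to one CVE), as an added example that is not part of the original thread or the project's own code. The function name `plan_renames`, the `gems/example/` entries and all file contents are constructed; only the three spree paths and their CVE id come from the thread.

```ruby
require "yaml"
require "date"

# Plan OSVDB-*.yml -> CVE-*.yml renames without touching the disk.
# advisories: Hash of path => YAML text (a constructed stand-in for the tree).
# Returns { renames: {src => dst}, collisions: {dst => [srcs]}, kept: [srcs] }.
def plan_renames(advisories)
  plan = { renames: {}, collisions: {}, kept: [] }
  by_dest = Hash.new { |h, k| h[k] = [] }

  advisories.each do |path, text|
    next unless File.basename(path).start_with?("OSVDB-")
    data = YAML.safe_load(text, permitted_classes: [Date]) || {}
    cve = data["cve"].to_s.strip
    if cve.empty?
      plan[:kept] << path # no cve: field, so the filename stays the same
    else
      by_dest[File.join(File.dirname(path), "CVE-#{cve}.yml")] << path
    end
  end

  by_dest.each do |dest, sources|
    # A plain rename is only safe when exactly one source maps to a
    # destination that does not exist yet; anything else needs a manual merge.
    if advisories.key?(dest) || sources.size > 1
      plan[:collisions][dest] = sources.sort
    else
      plan[:renames][sources.first] = dest
    end
  end
  plan
end

# Constructed sample contents; the gems/example entries are hypothetical.
SAMPLE = {
  "gems/spree/OSVDB-91216.yml" => "gem: spree\ncve: 2013-1656\nosvdb: 91216\n",
  "gems/spree/OSVDB-91218.yml" => "gem: spree\ncve: 2013-1656\nosvdb: 91218\n",
  "gems/spree/OSVDB-91219.yml" => "gem: spree\ncve: 2013-1656\nosvdb: 91219\n",
  "gems/example/OSVDB-000001.yml" => "gem: example\nosvdb: 1\ndate: 2099-01-01\n",
  "gems/example/OSVDB-000002.yml" => "gem: example\ncve: 2099-0001\nosvdb: 2\n"
}.freeze

if __FILE__ == $PROGRAM_NAME
  plan = plan_renames(SAMPLE)
  plan[:renames].each { |src, dst| puts "git mv #{src} #{dst}" }
  plan[:collisions].each { |dst, srcs| puts "merge by hand into #{dst}: #{srcs.join(', ')}" }
  plan[:kept].each { |src| puts "keep #{src} (no cve: field)" }
end
```

Running the plan before any `git mv` surfaces the duplicate destinations up front instead of as `fatal: destination exists` errors partway through the rename.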