Unknown CVE error message for $bug/+linkcve form is not displayed

We don't have a record of that CVE in Launchpad:

https://launchpad.net/malone/cve/2006-5397

The CVE database is supposed to get regularly updated from cve.mitre.org, so that's a bit weird.

From a quick look at the CveLinkView class (what is behind the +linkcve form), the "NNNN-NNNN is not a known CVE sequence number" error message could never be displayed to the user (since they get redirected back to the bug page).

The check to see whether the CVE exists should be moved to a validate() method.

Hm, but it is normal that the CVE db pages lag behind for some days. Not being able to attach CVEs which aren't yet on the mitre pages will make it next to impossible to move to Malone for CVE tracking (as we were up to in the near future, now that we have a security team of > 1 person :) ).

That's a good point. It would probably make sense to allow creation of placeholder CVE references in this case, which would be filled in on the next CVE db sync. There is similar code in the unused "find CVE references in a block of text" function.

@Martin, sorry to bug you - but is this still a bug, or have we fixed it in the interim, as I believe the security team do use lp now..

This seems to work now, thanks!