Cannot attach currently-unknown CVEs via linkCVE()
Bug #439470 reported by
Kees Cook
This bug affects 3 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Launchpad itself |
In Progress
|
Low
|
Simon Quigley | ||
Bug Description
In the API, the linkCVE() routine does not allow adding as-yet-unknown CVEs to a bug. This is very handy to have when assigning CVEs, or when work is happening on a CVE faster than Malone reads the CVE list from Mitre. As a work-around, you can force it to take a CVE if you put CVE-YYYY-NNNN into newMessage(), so I would just like to see the linkCVE() checks relaxed.
(This is likely related to bug 66877.)
| tags: | added: api |
Revision history for this message
| Graham Binns (gmb) wrote | #1 |
| Changed in malone: | |
| importance: | Undecided → Medium |
| status: | New → Triaged |
| tags: | added: platform-want |
| Changed in launchpad: | |
| importance: | Medium → Low |
Revision history for this message
| Seth Arnold (seth-arnold) wrote | #2 |
Revision history for this message
| Colin Watson (cjwatson) wrote | #4 |
| Changed in launchpad: | |
| status: | Triaged → In Progress |
| assignee: | nobody → Simon Quigley (tsimonq2) |
To post a comment you must log in.
I think a better solution would be to make linkCVE either automatically create new CVE records when passed as-yet-unknown ones, or accept a parameter, create_if_unknown, which tells it to do that (so the default API remains unchanged).