Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Combine all not yet assigned Debian Security Tracker issues into OSV #2482

Closed
hogo6002 opened this issue Aug 16, 2024 · 0 comments
Closed

Combine all not yet assigned Debian Security Tracker issues into OSV #2482

hogo6002 opened this issue Aug 16, 2024 · 0 comments
Assignees
@hogo6002
Labels
enhancement New feature or request

Comments

@hogo6002
Copy link
Contributor

OSV doesn't combine issues with the not yet assigned urgency tag from the Debian Security Tracker because we thought the status of those issues might change soon. But we've observed that many vulns remain in this stage for a very long time, and it doesn't seem like their status will change.

Confirmed with the Debian Security Team via email that they no longer assign urgencies to security issues, only some legacy ones with low/medium/high tags. For all issues without an assigned urgency, we should treat them as regular security issues and merge them into OSV.

A very large number of issues have not yet assigned tag (around 10k), but not all are valid entries (some may not affect any release)
@hogo6002 hogo6002 added the enhancement New feature or request label Aug 16, 2024
@hogo6002 hogo6002 self-assigned this Aug 16, 2024
@hogo6002 hogo6002 mentioned this issue Aug 16, 2024
Closed
@hogo6002 hogo6002 mentioned this issue Sep 4, 2024
Merged
hogo6002 added a commit that referenced this issue Sep 11, 2024
@hogo6002
feat: combine more Debian security tracker data into OSV (#2566)
93c8d00 
Combine Debian security issues without an urgency tag into OSV. Details:
#2482

This will significantly increase entries to combine-to-osv, and should
be merged only after [SDK performance
testing](#2546).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hogo6002 hogo6002

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@hogo6002