Re: Guidance for CVE triage and listing packages in dla-needed.txt

[Roberto C. Sánchez <roberto@debian.org>]

Hi Ola,

On Wed, Apr 10, 2024 at 09:42:48PM +0200, Ola Lundqvist wrote:
> 
> You can see that in 1 year and 3 months we have fixed
> 2023: 58
> 2022: 15
> 2021: 78
> 2020: 11
> 2019: 1
> 
> Total (not counting CVEs for 2018 and earlier) 162.
> 
> It is still a low number.
> 
> And I think I found the counting mishap. :-)
> 

I think that your counting method is still faulty:

$ for c in $(seq 2023 -1 2019) ; do echo -n "${c}: " ; egrep "CVE[-]${c}" ../security-tracker/data/DLA/list | sed -r -e 's/[^-A-Z0-9 ]//g' -e 's/ /\n/g' | egrep "CVE[-]${c}" | sort -u | wc -l ; done
2023: 643
2022: 962
2021: 900
2020: 1098
2019: 983

Regards,

-Roberto

-- 
Roberto C. Sánchez