Browse Source

add --{no-}security-team, to declare to send (or not) the report only to the security team since it is (or not) an undisclosed vulnerability; Closes: #685829

master
Sandro Tosi 7 years ago
parent
commit
6f09c2aeea
  1. 8
      bin/reportbug
  2. 6
      debian/changelog
  3. 10
      man/reportbug.1

8
bin/reportbug

@ -905,6 +905,10 @@ def main():
help='query on source packages, not binary packages')
parser.add_option('--no-query-source', action='store_false',
dest='query_src', help='query on binary packages only')
parser.add_option('--security-team', action='store_true', dest='secteam', default=None,
help='send the report only to the security team, if tag=security')
parser.add_option('--no-security-team', action='store_false', default=None,
dest='secteam', help='do not send the report only to the security team, if tag=security')
parser.add_option('--debconf', action='store_true',
help='include debconf settings in your report')
parser.add_option('--no-debconf', action='store_false', dest='debconf',
@ -2037,10 +2041,10 @@ For more details, please see: http://www.debian.org/devel/wnpp/''')
tags = ''
if 'security' in taglist:
if ui.yes_no(
if self.options.secteam or (self.options.secteam is None and ui.yes_no(
'Are you reporting an undisclosed vulnerability? If so, in order to responsibly disclose the issue, it should not be sent to the public BTS right now, but instead to the private Security Team mailing list.',
'Yes, it is an undisclosed vulnerability, send this report to the private Security Team mailing list and not to the BTS.',
'No, it is already a publicly disclosed vulnerability, send this report to the BTS.', False):
'No, it is already a publicly disclosed vulnerability, send this report to the BTS.', False)):
sendto = 'team@security.debian.org'
# Execute bug script

6
debian/changelog

@ -32,8 +32,12 @@ reportbug (6.6.4) UNRELEASED; urgency=medium
* reportbug/utils.py
- support LANG declined Description-xx field in package information; thanks
to Robert Luberda for the report; Closes: #683116
* bin/reportbug, man/reportbug.1
- add --{no-}security-team, to declare to send (or not) the report only to
the security team since it is (or not) an undisclosed vulnerability;
Closes: #685829
-- Sandro Tosi <morph@debian.org> Sat, 02 May 2015 15:00:19 -0400
-- Sandro Tosi <morph@debian.org> Sun, 03 May 2015 23:59:40 -0400
reportbug (6.6.3) unstable; urgency=medium

10
man/reportbug.1

@ -388,6 +388,16 @@ Set the subject of the bug report (i.e. a brief explanation of the
problem, less than 60 characters). If you do not specify this switch,
you will be prompted for a subject.
.TP
.B \-\-security\-team
If the 'security' tag is set, this option will explicitly specify to send the
report only to the Debian Security Team, as this is an undisclosed
vulnerability.
.TP
.B \-\-no\-security\-team
If the 'security' tag is set, this option will explicitly specify to not send
the report only to the Debian Security Team, as this is not an undisclosed
vulnerability.
.TP
.B \-S SEVERITY, \-\-severity=SEVERITY
Specify a severity level, from \fBcritical\fP, \fBgrave\fP,
\fBserious\fP, \fBimportant\fP, \fBnormal\fP, \fBminor\fP, and

Loading…
Cancel
Save