3 # project specific details
5 config['project'] = "openssl"
6 config['vendor_name'] = "OpenSSL"
7 config['product_name'] = "OpenSSL"
8 config['orgId'] = "b3476cb9-2e3d-41a6-98d0-0f47421a65b6"
9 config['cve_meta_assigner'] = "openssl-security@openssl.org"
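10 # Versions of OpenSSL we never released, to allow us to display ranges; this is a comma-separated string, and merge_affects tests it with `in`, which on a str is a substring match rather than an exact-entry match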
11 config['neverreleased'] = "1.0.0h,"
12 config['security_policy_url'] = "https://www.openssl.org/policies/secpolicy.html#"
13 config['git_prefix'] = "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h="
14 config['default_reference_prefix'] = "https://www.openssl.org"
16 def get_vlist(issue,base):
18 for affects in issue.getElementsByTagName('affects'): # so we can sort them
19 version = affects.getAttribute("version")
20 if (not base or base in version):
24 def earliest_affects(issue,base):
25 vlist = get_vlist(issue,base)
28 ver = sorted(vlist)[0]
31 def merge_affects(issue,base):
32 # let's merge the affects into a nice list, which is better for Mitre text, but we have to take into account our strange lettering scheme
36 vlist = get_vlist(issue,base)
37 for ver in sorted(vlist):
38 # print(f'version {ver} (last was {prev}, next was {anext})')
41 elif len(alist[-1]) > 1:
46 parts = ver.split('.')
47 # Deal with 3.0 version scheme
50 anext = '.'.join(parts[:-1])+'.'+str(int(parts[-1])+1)
54 # Deal with pre 3.0 version scheme
55 if (str.isdigit(ver[-1])): # First version after 1.0.1 is 1.0.1a
57 elif (ver[-1] == "y"):
58 anext = ver[:-1] + "za" # We ran out of letters once so y->za->zb....
60 anext = ver[:-1]+chr(ord(ver[-1])+1) # otherwise after 1.0.1a is 1.0.1b
61 while (anext in config['neverreleased']): # skip unreleased versions
62 anext = anext[:-1]+chr(ord(anext[-1])+1)
64 return ",".join(['-'.join(map(str,aff)) for aff in alist])