Bug 589630
| Summary: | point to our per-CVE pages rather than MITRE's site | ||
|---|---|---|---|
| Product: | [Community] Bugzilla | Reporter: | Vincent Danen <vdanen> |
| Component: | User Interface | Assignee: | David Lawrence <dkl> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 3.4 | CC: | mjc |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2010-05-12 17:47:29 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Vincent Danen
2010-05-06 15:12:41 UTC
This is our current regex code that does this auto-linkification:
# Linkify CAN or CVE links IE: CAN-XXXX-XXXX CVE-XXXX-XXXX
$text =~ s~\b(C(?:VE|AN)-\d{4}-\d{4})~<a href=\"http://cve\.mitre\.org/cgi-bin/cvename\.cgi\?name=$1\">$1</a>~g;
We would just change it to:
# Linkify CVE links IE: CVE-XXXX-XXXX
$text =~ s~\bCVE-\d{4}-\d{4})~<a href=\"https://www.redhat.com/security/data/cve/$1\.html\">$1</a>~g;
# Linkify CAN Links IE: CAN-XXXX-XXXX CVE-XXXX-XXXX
$text =~ s~\bCAN-\d{4}-\d{4})~<a href=\"http://cve\.mitre\.org/cgi-bin/cvename.cgi\?name=$1\">$1</a>~g;
Does that look acceptable to you? Also should we go forward before the page not found issue is resolved?
Dave
I don't think we want to point CAN-XXXX-XXXX to MITRE's site since all CAN-foo have turned to CVE-foo (i.e. if you go to CAN-2009-0301 it will take you to the CVE-2009-0301 page. So I think it would be safe to make all CAN's point to our CVE pages also (just s/CAN/CVE/ for the name). The page not found issue has been resolved. If you visit: https://www.redhat.com/security/data/cve/CVE-2009-0001.html You'll see some javascript stuff at the bottom to point to MITRE's site. I'll let Mark make the call on the CAN handling though. I think they should be converted to CVE-foo and pointing to our page. Thanks Dave! (In reply to comment #2) > I don't think we want to point CAN-XXXX-XXXX to MITRE's site since all CAN-foo > have turned to CVE-foo (i.e. if you go to CAN-2009-0301 it will take you to the > CVE-2009-0301 page. So I think it would be safe to make all CAN's point to our > CVE pages also (just s/CAN/CVE/ for the name). > > The page not found issue has been resolved. If you visit: > > https://www.redhat.com/security/data/cve/CVE-2009-0001.html > > You'll see some javascript stuff at the bottom to point to MITRE's site. > > I'll let Mark make the call on the CAN handling though. I think they should be > converted to CVE-foo and pointing to our page. Okay, works for me. I will hold off til Mark's sign off before making the change. Dave Agreed, any CAN-xxxx-yyyy should point to https://www.redhat.com/security/data/cve/CVE-xxxx-yyyy.html Thanks. Change committed to SVN and will be in the next update. Dave Great! Thanks Dave. |