Description of problem: When using beaker-wizard CVE-2018-12384 is rejected as not a valid CVE number. Version-Release number of selected component (if applicable): beaker-client-25.5-1.fc27eng.noarch How reproducible: always Steps to Reproduce: 1. start beaker-wizard 2. modify the "Bug or CVE numbers" 3. provide "CVE-2018-12384" as the number Actual results: [2018-12384 is not a valid bug or cve number, what about None?] CVE-2018-12384 Supply one or more bug or CVE numbers (e.g. 123456 or 2009-7890). Use the '+' sign to add the bugs instead of replacing the current list. [2018-12384 is not a valid bug or cve number, what about None?] Expected results: CVE number accepted (the current specification of CVE's does not limit the length of the number – e.g. DWF assignes numbers in the 1000000 range) Additional info:
Dear Hubert, thank you for your bug report. Yes it seems that the length of the CVE number is restricted: RegExpCVE = re.compile("^\d{4}-\d{4}$") Perhaps changing it to: re.compile("^\d{4}-\d{4,7}$") according to: https://cve.mitre.org/cve/identifiers/syntaxchange.html will still validate, but give room for the change?
from the article: > CVE IDs can now have four or more digits in the sequence number portion of the ID. so, no, limit to 7 digits is not ok, it needs to be unlimited or some very high limit
Ah dang... yes. I guess for whatever reason I missed the arbitrary in: CVE prefix + Year + Arbitrary Digits I guess then the regexp becomes just: re.compile("^\d{4}-\d+$")
It should reject CVEs with < 4 digits in the final section as they are not valid. So the regex should be: ^\d{4}-\d{4,}$
Hah of course. Good point Matt!
This bug was fixed on the release-25 branch, but the next release will be Beaker 26.0.
Beaker 26.0 has been released.
*** Bug 1555256 has been marked as a duplicate of this bug. ***