cve-checker.pl: verify the "Not affected versions >=" part

As we had two errors on this. Reported-by: Jess Lowe Fixes #319
curl · Jan 12, 2024 · 46b88ac · 46b88ac
1 parent 17aa1a3
commit 46b88ac
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 3 deletions.
diff --git a/docs/CVE-2019-5435.md b/docs/CVE-2019-5435.md
@@ -37,7 +37,7 @@ AFFECTED VERSIONS
 -----------------
 
 - Affected versions: libcurl 7.62.0 to and including 7.64.1
-- Not affected versions: libcurl < 7.62.0 and >= libcurl 7.65.0
+- Not affected versions: libcurl < 7.62.0 and libcurl >= 7.65.0
 - Introduced-in: https://github.com/curl/curl/commit/fb30ac5a2d63773c52
 
 libcurl is used by many applications, but not always advertised as such.

diff --git a/docs/CVE-2019-5436.md b/docs/CVE-2019-5436.md
@@ -37,7 +37,7 @@ AFFECTED VERSIONS
 -----------------
 
 - Affected versions: libcurl 7.19.4 to and including 7.64.1
-- Not affected versions: libcurl < 7.19.4 and >= libcurl 7.65.0
+- Not affected versions: libcurl < 7.19.4 and libcurl >= 7.65.0
 - Introduced-in: https://github.com/curl/curl/commit/0516ce7786e95
 
 libcurl is used by many applications, but not always advertised as such.

diff --git a/docs/cve-checker.pl b/docs/cve-checker.pl
@@ -121,8 +121,12 @@ sub checkfile {
                 $notaffected = 1;
             }
         }
-        elsif($l =~ /^- Not affected versions: .* < .* and .*>= /) {
+        elsif($l =~ /^- Not affected versions: .* < .* and .*>= (.*)/) {
             $notaffected = 1;
+            if($1 !~ /^[1-9]/) {
+                print STDERR "$file:$line:error: \"not affected versions\" must specify only the version after >= ($1)\n";
+                return 3;
+            }
         }
     }
     close(F);