fix: no severity score on Debian CVEs (#4042)

Author: jess-lowe

vulnfeeds/cmd/debian/main.go

@@ -127,12 +127,13 @@ func generateOSVFromDebianTracker(debianData DebianSecurityTrackerData, debianRe
 				continue
 			}
 			v, ok := osvCves[cveID]
+			currentNVDCVE := allCVEs[cves.CVEID(cveID)]
 			if !ok {
 				v = &vulns.Vulnerability{
 					Vulnerability: osvschema.Vulnerability{
 						ID:        "DEBIAN-" + cveID,
 						Upstream:  []string{cveID},
-						Published: allCVEs[cves.CVEID(cveID)].CVE.Published.Time,
+						Published: currentNVDCVE.CVE.Published.Time,
 						Details:   cveData.Description,
 						References: []osvschema.Reference{
 							{
@@ -142,6 +143,7 @@ func generateOSVFromDebianTracker(debianData DebianSecurityTrackerData, debianRe
 						},
 					},
 				}
+				v.AddSeverity(currentNVDCVE.CVE.Metrics)
 				osvCves[cveID] = v
 			}
 

vulnfeeds/cmd/debian/main_test.go

@@ -124,6 +124,7 @@ func TestGenerateOSVFromDebianTracker(t *testing.T) {
 					},
 				},
 				References: []osvschema.Reference{{Type: "ADVISORY", URL: "https://security-tracker.debian.org/tracker/CVE-2016-1585"}},
+				Severity:   []osvschema.Severity{{Type: "CVSS_V3", Score: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}},
 			},
 		},
 		"CVE-2017-6507": {
@@ -156,6 +157,7 @@ func TestGenerateOSVFromDebianTracker(t *testing.T) {
 					},
 				},
 				References: []osvschema.Reference{{Type: "ADVISORY", URL: "https://security-tracker.debian.org/tracker/CVE-2017-6507"}},
+				Severity:   []osvschema.Severity{{Type: "CVSS_V3", Score: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}},
 			},
 		},
 	}