On 05/31/2017 04:47 AM, Sébastien Delafond wrote: The JSON is the simplest to use and has the benefit of including fixed versions for issues that weren't fixed by DSAs. Just using the DSAs themselves will be an incomplete list.On 2017-05-31, Philipp Hahn <hahn@univention.de> wrote:for my project I need the information which CVE is fixed by which Debian package. I do that by reading the DSA list. I tried lib/python/bugs.py first, but at the end wrote my own parser based on some simple regular expressions.Wouldn't https://security-tracker.debian.org/tracker/data/json be a better source for any kind of automated parsing ? Or maybe directly use the OVAL files at https://www.debian.org/security/oval/ ? -- Nicholas Luedtke HPE Linux Security, Hewlett-Packard Enterprise |
Attachment:
signature.asc
Description: OpenPGP digital signature