Few questions about the security tracker


My name is Guy Hudara, and I am working at Whitesource.

I have a few questions about the JSON feed of the security tracker given in this URL: https://security-tracker.debian.org/tracker/data/json

  1. About the “status” field:
    1. If it is “open” on a given version, does this mean that all previous versions of that package are also vulnerable with respect to the CVE?
    2. If it is “resolved”, does this mean that all previous versions of that package are vulnerable with respect to the CVE?
    3. What does it mean that a version is “undetermined”?
  2. About the “repositories”. In the below example: what is the difference between the “stretch” repository and the “stretch-security” repository?


"stretch": {
    "status": "resolved",
    "repositories": {
        "stretch": "7.1.0+dfsg-13+deb9u3",
        "stretch-security": "7.1.0+dfsg-13+deb9u3"
    },
    "fixed_version": "0.4e-21",
    "urgency": "not yet assigned"
}

H Guy

