Re: Equivalent packages between Linux distributions

To: debian-devel@lists.debian.org
Subject: Re: Equivalent packages between Linux distributions
From: Raphael Geissert <geissert@debian.org>
Date: Tue, 25 Jan 2011 12:37:26 -0600
Message-id: <[🔎] ihn599$8pd$1@dough.gmane.org>
References: <[🔎] AANLkTi=01v4YLb5XFqs4wOAM0yAg-cQvemeH_kgtAr+o@mail.gmail.com> <[🔎] 2flaaip46qu.fsf@login2.uio.no>

Petter Reinholdtsen wrote:
[...]
> It would be great if you or someone else could provide a mapping from
> distribution packages to CPE entries. :)

It would be great if anyone could make any progress on that.

Some time ago it was mentioned as a possible way to automate the processing 
of new CVE ids (i.e. when MITRE publishes the description and other info) 
and to detect incorrect Not-For-Us entries in the security tracker.

One way to get started is by using the tracker's list of affected packages 
per CVE and match them with the CPEs provided by MITRE. It would be even 
better if in the future that information is provided by source packages 
themselves.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net

Reply to:

Follow-Ups:
- Re: Equivalent packages between Linux distributions
  - From: Petter Reinholdtsen <pre@usit.uio.no>

References:
- Equivalent packages between Linux distributions
  - From: Silvio Cesare <silvio.cesare@gmail.com>
- Re: Equivalent packages between Linux distributions
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: Cedilla removed from sid, users complain
Next by Date: Re: Cedilla removed from sid, users complain
Previous by thread: Re: Equivalent packages between Linux distributions
Next by thread: Re: Equivalent packages between Linux distributions
Index(es):
- Date
- Thread