Re: CPE lists was Re: Equivalent packages between Linux distributions

To: debian-devel@lists.debian.org
Subject: Re: CPE lists was Re: Equivalent packages between Linux distributions
From: Petter Reinholdtsen <pere@hungry.com>
Date: Tue, 01 Feb 2011 10:58:05 +0100
Message-id: <[🔎] 2fllj202i1e.fsf@login2.uio.no>
References: <AANLkTikAuXV5Tsfh91hCnDOjCF8n=Z9oojFJxUW0UfUT@mail.gmail.com>

[Silvio Cesare]
> I created an automatically generated CPE list for Fedora13
> packages. It only has 300 or so packages in it, but this will
> improve as say Debian increase the list of packages they track (they
> only track 1100 or so currently).
>
> https://github.com/silviocesare/Equivalent-Packages/blob/master/CPE/Fedora13.CPE.generated

Very interesting.  I created the CPE entries for Debian manually, by
comparing the set of affected packages reported in the CVE database
for Debian and NVD.  Perhaps something similar could be done for
Fedora, assuming the project track CVEs in a structured way?

Note that there are several duplicate CPE entries used by NVD.  A list
of the ones I have identified so far is in data/CPE/aliases.

Note that there is a bug in your list.  xen is claimed to be
grub-legacy.  Perhaps check your code?

Happy hacking,
-- 
Petter Reinholdtsen

Reply to:

Prev by Date: Re: Upstream "stable" branches and Debian freeze
Next by Date: Re: Upstream "stable" branches and Debian freeze
Previous by thread: Re: Upstream "stable" branches and Debian freeze
Next by thread: Any Debian Developers traveling to Almaty? (GPG key sign needed)
Index(es):
- Date
- Thread