Re: CPE lists was Re: Equivalent packages between Linux distributions
> I created an automatically generated CPE list for Fedora13
> packages. It only has 300 or so packages in it, but this will
> improve as say Debian increase the list of packages they track (they
> only track 1100 or so currently).
Very interesting. I created the CPE entries for Debian manually, by
comparing the set of affected packages reported in the CVE database
for Debian and NVD. Perhaps something similar could be done for
Fedora, assuming the project track CVEs in a structured way?
Note that there are several duplicate CPE entries used by NVD. A list
of the ones I have identified so far is in data/CPE/aliases.
Note that there is a bug in your list. xen is claimed to be
grub-legacy. Perhaps check your code?