[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CPE lists was Re: Equivalent packages between Linux distributions

[Silvio Cesare]
> I created an automatically generated CPE list for Fedora13
> packages. It only has 300 or so packages in it, but this will
> improve as say Debian increase the list of packages they track (they
> only track 1100 or so currently).
> https://github.com/silviocesare/Equivalent-Packages/blob/master/CPE/Fedora13.CPE.generated

Very interesting.  I created the CPE entries for Debian manually, by
comparing the set of affected packages reported in the CVE database
for Debian and NVD.  Perhaps something similar could be done for
Fedora, assuming the project track CVEs in a structured way?

Note that there are several duplicate CPE entries used by NVD.  A list
of the ones I have identified so far is in data/CPE/aliases.

Note that there is a bug in your list.  xen is claimed to be
grub-legacy.  Perhaps check your code?

Happy hacking,
Petter Reinholdtsen

Reply to: