Re: Audit of Debian/Ubuntu for unfixed vulnerabilities because of embedded code copies

To: Petter Reinholdtsen <pere@hungry.com>
Cc: debian-security@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: Audit of Debian/Ubuntu for unfixed vulnerabilities because of embedded code copies
From: Henri Salo <henri@nerv.fi>
Date: Sat, 29 Sep 2012 23:22:43 +0300
Message-id: <[🔎] 20120929202243.GA12772@kludge.henri.nerv.fi>
In-reply-to: <2fly5n2kps1.fsf@login1.uio.no>
References: <CA+ygN1LxTeSFSt45qDC2KLKbYUWTqPvrm5ZHvEjjoEkuDL4f5g@mail.gmail.com> <2fly5n2kps1.fsf@login1.uio.no>

On Mon, Jul 02, 2012 at 07:59:26PM +0200, Petter Reinholdtsen wrote:
> [Silvio Cesare]
> > I recently ran the tool and cross referenced identified code copies with
> > Debian's security tracking of affected packages by CVE. I did this for all
> > CVEs in 2010, 2011, and 2012.
> 
> This sound like a job that could become a bit easier if we tagged
> Debian packages with the CPE ids assosiated with CVEs, to make it
> easier to figure out which Debian package are affected by a given CVE.
> 
> Are you aware of my proposal to do this, mentioned on debian-security
> and also drafted on <URL: http://wiki.debian.org/CPEtagPackagesDep >?
> -- 
> Happy hacking
> Petter Reinholdtsen

Has there been any progress with this project? I am glad to help if there is something I can do? This is needed in my opinion.

- Henri Salo

Reply to:

Follow-Ups:
- Re: Audit of Debian/Ubuntu for unfixed vulnerabilities because of embedded code copies
  - From: Petter Reinholdtsen <pere@hungry.com>

Prev by Date: Re: CIA going down: KGB wants your commits!
Next by Date: Debian not suitable for SSD due to apt/dpkg?
Previous by thread: Bug#689163: ITP: edtsurf -- triangulated mesh surfaces for protein structures
Next by thread: Re: Audit of Debian/Ubuntu for unfixed vulnerabilities because of embedded code copies
Index(es):
- Date
- Thread