On Thu, Mar 21, 2013 at 10:38:47PM +0100, Raphael Hertzog wrote: > (I'm not subscribed to debian-security-tracker@lists.debian.org, please > keep me in CC) > > Hello, > > while discussing with someone at Offensive Security, I learned that > there's a mapping between CVE numbers and exploits registered in > http://www.exploit-db.com/. > > I was thinking that it could be interesting to know whether exploits > are available and as such that it could be interesting to link CVE to the > corresponding exploits within the Debian security-tracker. > > I believe that everything required is already available online, > albeit only on webpages and would thus require some heavy web > scraping. > > Thus if you want to pursue this idea, I can put you in contact with the > relevant person at Offensive Security. They might be willing to publish > this mapping in a more convenient way (possibly as part of the CSV file > in http://www.exploit-db.com/archive.tar.bz2 or something similar). > > I though that I would throw this idea away because I find it interesting > but I just don't have the time and the desire to implement it. > > Cheers, > -- > Raphaël Hertzog ◈ Debian Developer > > Get the Debian Administrator's Handbook: > → http://debian-handbook.info/get/ Good idea. I have been thinking same about OSVDB. If security team member approves I could try to implement this. OSVDB links also to exploit-db.com in some items. -- Henri Salo
Attachment:
signature.asc
Description: Digital signature