
Re: Suggestion for a new way of easily getting all relevant information of DSAs/DLAs



Hi Thorsten,

On Wed, Mar 04, 2020 at 02:22:40PM +0100, Thorsten Paßfeld wrote:
> Since Debian is so widely used and appreciated, especially by us over at
> Greenbone, it is obvious that we will want to continue supporting your
> advisories such as DSA and DLA in the future. To do that, I have come across
> your useful way of presenting information from your security tracker in JSON
> (https://security-tracker.debian.org/tracker/data/json). This is really
> really useful and almost what I need.
> 
> However, this is what our scripts currently look like for checking packages
> that are stated in your DLAs or DSAs:
> https://vulners.com/openvas/OPENVAS:1361412562310704634
> 
> As you can see, it's a bit of a problem that all of your information in JSON
> is listed by packages and their CVEs without any reference to a DSA/DLA
> advisory. In order to use your information in JSON in the future, it would
> be fantastic to have the information be listed by advisories (such as a DSA
> or DLA with their ID, for example). Then, it would branch into e.g. a list
> of all related CVEs, OS-versions (you'd probably call it "releases"), all
> affected package names, their fixed versions, the status and the
> description.
> 
> Since this information should all be present in your database, I could
> definitely see this working and it would be of huge value! Let me know what
> you think about this. If we could get this implemented as soon as possible,
> it would be fantastic! Having to parse HTML is not contemporary anymore.
> This would be a great step forward in the right direction.

Yes, this is indeed a still-missing feature of the export, and we have an
issue tracking it here:
https://salsa.debian.org/security-tracker-team/security-tracker/issues/1

Regards,
Salvatore

