
Machine-readable form for Debian security advisories

I have several hundred Debian instances to care for, and they are 
monitored via Nagios.  I would like to institute a regular test that
checks each box against a list of security advisories, without
running apt-get update several times a day on 300 boxes.

Therefore I see a need for a machine readable DSA format. I know there's 
a defined format to the current header, but I'd like to expand on that.

It will look something like:

DSA: 536-1
Title: New libpng, libpng3 packages fix multiple vulnerabilities
Date: 20040804
Upgrade-required: simple
Vulnerability: several
Problem-Type: local/remote
Debian-specific: no
CVE-Ids: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768

Package: libpng
Distribution: stable
Architecture: any
Binary: libpng2-dev, libpng2
Version: 1.0.12-3.woody.7

Package: libpng3
Distribution: stable
Architecture: any
Binary: libpng-dev, libpng3
Version: 1.2.1-1.1.woody.7

This can be easily distributed, parsed and compared to the package 
status database to determine which installed packages must be upgraded, 
and can raise an alert if required.

I can script the generation of a MR-DSA from existing data, especially 
the DSA itself. Before I do: has anyone already done anything like this 
with DSAs, and would anyone be interested in using the resulting 


Joshua Goodall <joshua@myinternet.com.au>
Solutions Architect / Principal Security Architect
myinternet Limited.
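
Added example, not part of the original post and not code from its author: a parser for the stanza format proposed above, plus the comparison against installed versions that the post describes. Assumptions: the function names are hypothetical, INSTALLED is a constructed inventory standing in for the dpkg status database, the Distribution and Architecture fields are parsed but not filtered on, and version ordering is a small reimplementation of Debian's comparison rules.

```python
import re

def _order(c):
    # Debian character order: '~' sorts before end-of-string (0), letters before other symbols
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _key(part):
    # (non-digit run, number) pairs; the trailing 0 in each run stands for end-of-string
    return [([_order(c) for c in nd] + [0], int(d or 0))
            for nd, d in re.findall(r"(\D*)(\d*)", part)]

def version_key(v):
    # [epoch:]upstream[-revision]; a missing revision compares equal to "0"
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "0")
    return int(epoch), _key(upstream), _key(rev)

def parse_mrdsa(text):
    # Blank-line separated stanzas of "Field: value"; the first stanza is the DSA header
    stanzas = [{k.strip(): v.strip() for k, v in
                (ln.split(":", 1) for ln in block.splitlines() if ":" in ln)}
               for block in re.split(r"\n\s*\n", text.strip())]
    return stanzas[0], stanzas[1:]

def affected(text, installed):
    # installed maps binary package name -> installed version on this host
    header, packages = parse_mrdsa(text)
    return [(header["DSA"], b, installed[b], pkg["Version"])
            for pkg in packages for b in re.split(r",\s*", pkg["Binary"])
            if b in installed and version_key(installed[b]) < version_key(pkg["Version"])]

# Advisory from the post, trimmed to a few header fields and the package stanzas
ADVISORY = """DSA: 536-1
CVE-Ids: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768

Package: libpng
Distribution: stable
Binary: libpng2-dev, libpng2
Version: 1.0.12-3.woody.7

Package: libpng3
Distribution: stable
Binary: libpng-dev, libpng3
Version: 1.2.1-1.1.woody.7"""
# Constructed inventory for one host (not data from the post)
INSTALLED = {"libpng2": "1.0.12-3.woody.6", "libpng3": "1.2.1-1.1.woody.7"}

if __name__ == "__main__":
    print(affected(ADVISORY, INSTALLED))
```

A Nagios check built on this would exit non-zero when the returned list is non-empty; on a real host the inventory would come from the package status database rather than a literal dict.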
