Re: Timeliness of Debian Security Announceness? (DSA 756-1 Squirrelmail)

[Stefan Fritsch <sf@sfritsch.de>]

On Thursday 14 July 2005 22:03, Fredrik "Demonen" Vold wrote:
> I think it's possible for a script to list all installed packages,
> then check each of them against the bug report system to see if the
> installed version has a security bug filed against it.
>
> Maybe if some autmated system on the server would generate a
> "Security.gz" or something else similar to the package list for
> apt? I really don't know enough of the bug tracking system to know
> if this is possible, but it opens up alot of possibilities if it
> is.

There is a page listing all security bugs:
http://qa.debian.org/bts-security.html

And a quick hack to extract only the bugs for installed packages is at 
http://www.sfritsch.de/debian/list-bts-security (uses 
apt-show-versions and libwww-perl). Probably it would be nice to add 
some functionality to only show the differences from the last run...


Cheers,
Stefan