[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Audit of Debian/Ubuntu for unfixed vulnerabilities because of embedded code copies

[Silvio Cesare]
> I recently ran the tool and cross referenced identified code copies with
> Debian's security tracking of affected packages by CVE. I did this for all
> CVEs in 2010, 2011, and 2012.

This sound like a job that could become a bit easier if we tagged
Debian packages with the CPE ids assosiated with CVEs, to make it
easier to figure out which Debian package are affected by a given CVE.

Are you aware of my proposal to do this, mentioned on debian-security
and also drafted on <URL: http://wiki.debian.org/CPEtagPackagesDep >?
Happy hacking
Petter Reinholdtsen

Reply to: