
Re: Audit of Debian/Ubuntu for unfixed vulnerabilities because of embedded code copies



[Silvio Cesare]
> I recently ran the tool and cross referenced identified code copies with
> Debian's security tracking of affected packages by CVE. I did this for all
> CVEs in 2010, 2011, and 2012.

This sounds like a job that could become a bit easier if we tagged
Debian packages with the CPE ids associated with CVEs, to make it
easier to figure out which Debian packages are affected by a given CVE.

Are you aware of my proposal to do this, mentioned on debian-security
and also drafted on <URL: http://wiki.debian.org/CPEtagPackagesDep >?
-- 
Happy hacking
Petter Reinholdtsen

