On Mon, Jul 02, 2012 at 07:59:26PM +0200, Petter Reinholdtsen wrote: > [Silvio Cesare] > > I recently ran the tool and cross referenced identified code copies with > > Debian's security tracking of affected packages by CVE. I did this for all > > CVEs in 2010, 2011, and 2012. > > This sound like a job that could become a bit easier if we tagged > Debian packages with the CPE ids assosiated with CVEs, to make it > easier to figure out which Debian package are affected by a given CVE. > > Are you aware of my proposal to do this, mentioned on debian-security > and also drafted on <URL: http://wiki.debian.org/CPEtagPackagesDep >? > -- > Happy hacking > Petter Reinholdtsen
Has there been any progress with this project? I am glad to help if there is something I can do? This is needed in my opinion. - Henri Salo -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120929202243.ga12...@kludge.henri.nerv.fi
