Hi, from FreeBSD I am used to a command named 'pkg audit' from the pkgng suite, which checks installed ports against a database of security advisories and returns a list of vulnerable ports. (https://www.freebsd.org/cgi/man.cgi?query=pkg-audit)
I did not find a semantically "matching" tool in the dpkg-suite and 'audit' seems to be used with different semantics in dpkg. Using the security-tracker DB https://security-tracker.debian.org/tracker/data/json, it has not been particularly hard to prototype something up which checks installed packages as given in /var/lib/dpkg/status against this DB. Assuming that such a tool does not already exist and I just did not find it, I would offer to contribute to dpkg scripts something like dpkg-vulnerabilities.pl. Does the dpkg-team have an "official" position on the requirement and the feature-set for such a script, and what would be required for contribution? Thanks -- Christopher
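[Editor's note: the sketch below is an added illustration of the check described in the message above, namely matching /var/lib/dpkg/status against the security-tracker JSON feed. It is not Christopher's prototype and not code from dpkg or from the security-tracker project. It assumes the feed is keyed by source package name, then CVE id, with a per-release "status" and "fixed_version" (that is my reading of the feed and is not verified here), and it assumes the release codename ("bookworm") as the lookup key. The status-file stanzas, the tracker entries and the CVE ids of the form CVE-0000-000x are constructed sample data. The version comparison follows the dpkg algorithm (Debian Policy 5.6.12) so that tilde, epoch and binNMU suffixes compare the way dpkg --compare-versions does; the source version from the Source: field is preferred over the binary version because the tracker records source versions.]

```python
"""Prototype 'dpkg audit': installed packages vs. security-tracker JSON.

Added illustration; assumptions about the feed layout are marked below.
"""
import re

# ---- dpkg version comparison (same algorithm as dpkg's verrevcmp) -----------

def _order(c):
    """Sort weight of one character: '~' sorts before everything, even the end."""
    if c == "~":
        return -1
    if not c or c.isdigit():
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _verrevcmp(a, b):
    """Compare two version fragments (upstream part or Debian revision)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        while i < len(a) and a[i] == "0":   # leading zeros are insignificant
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():   # longer digit run wins
            return 1
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def _split_version(v):
    """'[epoch:]upstream[-revision]' -> (epoch, upstream, revision)."""
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def dpkg_version_compare(a, b):
    """Return <0, 0 or >0 like `dpkg --compare-versions a lt/eq/gt b`."""
    ea, ua, ra = _split_version(a)
    eb, ub, rb = _split_version(b)
    if ea != eb:
        return ea - eb
    return _verrevcmp(ua, ub) or _verrevcmp(ra, rb)

# ---- /var/lib/dpkg/status parsing -------------------------------------------

def parse_dpkg_status(text):
    """Yield (binary, source, source_version) for every package in state 'installed'."""
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in stanza.splitlines():
            if line[:1] in " \t":            # continuation line (Description etc.)
                continue
            key, _, val = line.partition(":")
            fields[key] = val.strip()
        if not fields.get("Status", "").endswith(" installed"):
            continue                          # config-files, half-installed, ...
        # "Source: foo (1.2-3)" when the binary version differs (e.g. binNMU +b1)
        m = re.match(r"^(\S+)(?:\s+\((.+)\))?$", fields.get("Source", fields["Package"]))
        yield fields["Package"], m.group(1), m.group(2) or fields["Version"]

# ---- the audit ----------------------------------------------------------------

def audit(status_text, tracker, release):
    """Return (binary, source, installed_version, cve, fixed_version_or_None) tuples.

    ASSUMED feed layout: tracker[source][cve]["releases"][release] holds
    "status" ("open"/"resolved"/...) and, when resolved, "fixed_version".
    """
    findings = []
    for binary, source, version in parse_dpkg_status(status_text):
        for cve, entry in sorted(tracker.get(source, {}).items()):
            rel = entry.get("releases", {}).get(release)
            if rel is None:
                continue
            fixed = rel.get("fixed_version")
            if rel.get("status") == "open" or (fixed and dpkg_version_compare(version, fixed) < 0):
                findings.append((binary, source, version, cve, fixed))
    return findings

# Constructed sample input (not real packages, not real CVE ids).
SAMPLE_STATUS = """\
Package: libssl3
Status: install ok installed
Version: 3.0.11-1~deb12u1
Source: openssl
Description: shared libraries
 continuation line that must be ignored

Package: curl
Status: install ok installed
Version: 7.88.1-10+deb12u5

Package: libexample1
Status: install ok installed
Version: 1.2-3+b1
Source: example (1.2-3)

Package: old-tool
Status: deinstall ok config-files
Version: 0.1-1
"""
SAMPLE_TRACKER = {
    "openssl": {"CVE-0000-0001": {"releases": {"bookworm": {"status": "resolved", "fixed_version": "3.0.11-1~deb12u2"}}},
                "CVE-0000-0002": {"releases": {"bookworm": {"status": "resolved", "fixed_version": "3.0.9-1"}}}},
    "curl":    {"CVE-0000-0003": {"releases": {"bookworm": {"status": "resolved", "fixed_version": "7.88.1-10+deb12u5"}}}},
    "example": {"CVE-0000-0004": {"releases": {"bookworm": {"status": "open"}}}},
    "old-tool": {"CVE-0000-0005": {"releases": {"bookworm": {"status": "open"}}}},
}

if __name__ == "__main__":
    for binary, source, ver, cve, fixed in audit(SAMPLE_STATUS, SAMPLE_TRACKER, "bookworm"):
        print(f"{binary} ({source} {ver}) is vulnerable: {cve}, fixed in {fixed or 'no fix yet'}")
```

Against real data one would read /var/lib/dpkg/status and the JSON feed (json.load on the downloaded file) and pass the codename of the running release; everything else above is the same. A fixed_version of "0" in the feed compares below any real version, so a package marked that way is reported as not affected, which is the conservative reading of that convention.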

