Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:

e5086819 by Salvatore Bonaccorso at 2023-11-20T17:43:06+01:00
check-external: update: Gather CVE from the Red Hat Security Data API endpoint

As the bugzilla query cannot reliably deliver CVE information anymore and the metadata export has been discontinued switch to gather the Red Hat known CVEs from the Red Hat Security Data API endpoint instead.

Link: https://www.redhat.com/en/blog/future-red-hat-security-data
Link: https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/index
Signed-off-by: Salvatore Bonaccorso <[email protected]>

- - - - -
cb931c6f by Salvatore Bonaccorso at 2023-11-20T17:43:06+01:00
check-external: update: Disable fetching from Red Hat Bugzilla

Signed-off-by: Salvatore Bonaccorso <[email protected]>

- - - - -
d108da5a by Salvatore Bonaccorso at 2023-11-20T19:28:21+00:00
Merge branch 'external-check-redhat-security-api' into 'master'

check-external: update: Gather CVE from the Red Hat Security Data API endpoint

See merge request security-tracker-team/security-tracker!153

- - - - -

1 changed file:
- check-external/update.sh

Changes:

=====================================
check-external/update.sh
=====================================
@@ -45,13 +45,16 @@ check_list() { # This should be better done via a rewrite and using python-bugzilla # but it is sufficient for now to get some additional CVE information # from Red Hat source -wget -O redhat-bugzilla.html 'https://bugzilla.redhat.com/buglist.cgi?classification=Other&component=vulnerability&f1=alias&o1=regexp&product=Security%20Response&query_format=advanced&v1=^CVE-.*&order=priority%2Cbug_severity&limit=0' +# Fetching from RedHat bugzilla via query is unreliable, thus disabled +# on 2023-11-16 for the time beeing. +# wget -O redhat-bugzilla.html 'https://bugzilla.redhat.com/buglist.cgi?classification=Other&component=vulnerability&f1=alias&o1=regexp&product=Security%20Response&query_format=advanced&v1=^CVE-.*&order=priority%2Cbug_severity&limit=0' # Some extra data is readily available as an xml file (until 2023-11-08) # discontinued as per https://www.redhat.com/en/blog/future-red-hat-security-data # last archived version: https://access.redhat.com/security/data/archive/cve-metadata-from-bugzilla_20231108.xml -#wget -N https://www.redhat.com/security/data/metrics/cve-metadata-from-bugzilla.xml -#cat redhat-bugzilla.html cve-metadata-from-bugzilla.xml | -cat redhat-bugzilla.html | +# Gather data from Red Hat Security Data API instead +# https://access.redhat.com/documentation/en-us/red_hat_security_data_api/1.0/html/red_hat_security_data_api/index +curl -s https://access.redhat.com/hydra/rest/securitydata/cve.json?per_page=1000000 | jq -r '.[] | .CVE' > redhat-security-data-api.list +cat redhat-security-data-api.list | perl -ne 'print "$1\n" while (s/(CVE-[12][0-9]{3}-[0-9]{4,})//);' | sort -u > cve.list check_list cve.list View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/098d53342e7ef4e730ad1f1dd5701c138ddfb13d...d108da5aff5e83cf6060b395267ef7328f2b8c4c -- View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/098d53342e7ef4e730ad1f1dd5701c138ddfb13d...d108da5aff5e83cf6060b395267ef7328f2b8c4c
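
Review bot: the added `curl -s https://access.redhat.com/hydra/rest/securitydata/cve.json?per_page=1000000 | jq -r '.[] | .CVE'` line has no failure handling. `-s` suppresses curl's error output, and without `-f` an HTTP error response still exits 0, so a failed fetch leaves an empty or truncated redhat-security-data-api.list that flows through `sort -u > cve.list` into `check_list cve.list` as if Red Hat knew of no CVEs. Suggest `curl -sSf` with the URL quoted (the unquoted `?` is a shell glob character), and stopping before cve.list is written if the fetched list is empty. The single request with per_page=1000000 also assumes the endpoint returns every entry in one page; a comment stating that assumption would help whoever debugs a short list later. Minor: "beeing" in the new comment should read "being", and since jq already emits one CVE id per line, the `cat redhat-security-data-api.list |` stage could be dropped by letting perl read the file directly.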
