On 05/31/2017 04:47 AM, Sébastien Delafond wrote: > On 2017-05-31, Philipp Hahn <[email protected]> wrote: >> for my project I need the information which CVE is fixed by which >> Debian package. I do that by reading the DSA list. I tried >> lib/python/bugs.py first, but at the end wrote my own parser based on >> some simple regular expressions. > Wouldn't https://security-tracker.debian.org/tracker/data/json be a > better source for any kind of automated parsing ? Or maybe directly use > the OVAL files at https://www.debian.org/security/oval/ ? The JSON is the simplest to use and has the benefit of including fixed versions for issues that weren't fixed by DSAs. Just using the DSAs themselves will be an incomplete list.
-- Nicholas Luedtke HPE Linux Security, Hewlett-Packard Enterprise
signature.asc
Description: OpenPGP digital signature
