Hi Thorsten, On Wed, Mar 04, 2020 at 02:22:40PM +0100, Thorsten Paßfeld wrote: > Since Debian is so widely used and appreciated, especially by us over at > Greenbone, it is obvious that we will want to continue supporting your > advisories such as DSA and DLA in the future. To do that, I have come across > your useful way of presenting information from your security tracker in JSON > (https://security-tracker.debian.org/tracker/data/json). This is really > really useful and almost what I need. > > However, this is how our scripts currently look like for checking packages > that are stated in your DLAs or DSAs: > https://vulners.com/openvas/OPENVAS:1361412562310704634 > > As you can see, it's a bit of a problem that all of your information in JSON > is listed by packages and their CVEs without any reference to a DSA/DLA > advisory. In order to use your information in JSON in the future, it would > be fantastic to have the information be listed by advisories (such as a DSA > or DLA with their ID, for example). Then, it would branch into e.g. a list > of all related CVEs, OS-versions (you'd probably call it "releases"), all > affected package names, their fixed versions, the status and the > description. > > Since this information should all be present in your database, I could > definitely see this working and it would be of huge value! Let me know what > you think about this. If we could get this implemented as soon as possible, > it would be fantastic! Having to parse HTML is not contemporary anymore. > This would be a great step forward in the right direction.
Yes this is indeed a yet missing feature of the export, and we have an issue tracking it here: https://salsa.debian.org/security-tracker-team/security-tracker/issues/1 . Regards, Salvatore
