[Silvio Cesare] > I recently ran the tool and cross referenced identified code copies with > Debian's security tracking of affected packages by CVE. I did this for all > CVEs in 2010, 2011, and 2012.
This sound like a job that could become a bit easier if we tagged Debian packages with the CPE ids assosiated with CVEs, to make it easier to figure out which Debian package are affected by a given CVE. Are you aware of my proposal to do this, mentioned on debian-security and also drafted on <URL: http://wiki.debian.org/CPEtagPackagesDep >? -- Happy hacking Petter Reinholdtsen -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
