The source project of this merge request has been removed.
Add tool to track CVEs in related packages
This PR introduces a new tool that can be used to report or add CVEs from related packages.
See https://lists.debian.org/debian-lts/2021/08/msg00045.html for a detailed overview and some discussion.
This fixes 738172 (automatically handling renamed packages), and can also be used to cover / experiment with !4 and !8 (reporting CVEs that may affect given packages due to embedded code copies).
It is meant to be expanded and allows querying other cases such as groups of versioned packages.
It also handles additional use cases involving a separate extended release (e.g. automatically tracking old renamed packages in ELTS).