WIP Automatically list CVEs that might be affected by embedded code
This is derived from !4 (diffs) and tries to address some of the feedback received there.
It currently generates a report that looks like:
CVE-2018-12495 ['libtext-markdown-discount-perl'] CVE-2018-12233 ['linux-grsec'] CVE-2018-12232 ['linux-grsec'] CVE-2018-1000204 ['linux-grsec'] CVE-2018-11806 ['qemu-kvm', 'xen-3', 'kvm', 'xen-unstable'] CVE-2018-11656 ['graphicsmagick'] CVE-2018-11655 ['graphicsmagick'] CVE-2018-11645 ['gs-gpl'] CVE-2018-11625 ['graphicsmagick'] CVE-2018-11624 ['graphicsmagick'] CVE-2018-11508 ['linux-grsec'] CVE-2018-11506 ['linux-grsec'] ...
I imagine this output can be tweaked to make it more useful.