WIP Automatically list CVEs that might be affected by embedded code (!8) · Merge requests · Debian Security Tracker / security-tracker

This is derived from !4 (diffs) and tries to address some of the feedback received there.

It currently generates a report that looks like:

CVE-2018-12495 ['libtext-markdown-discount-perl']
CVE-2018-12233 ['linux-grsec']
CVE-2018-12232 ['linux-grsec']
CVE-2018-1000204 ['linux-grsec']
CVE-2018-11806 ['qemu-kvm', 'xen-3', 'kvm', 'xen-unstable']
CVE-2018-11656 ['graphicsmagick']
CVE-2018-11655 ['graphicsmagick']
CVE-2018-11645 ['gs-gpl']
CVE-2018-11625 ['graphicsmagick']
CVE-2018-11624 ['graphicsmagick']
CVE-2018-11508 ['linux-grsec']
CVE-2018-11506 ['linux-grsec']
...

I imagine this output can be tweaked to make it more useful.

WIP Automatically list CVEs that might be affected by embedded code

Merge request reports