Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Track published/modified date for debian data #732

Open
wagoodman opened this issue Nov 14, 2024 · 1 comment
Open

Track published/modified date for debian data #732

wagoodman opened this issue Nov 14, 2024 · 1 comment
Labels
blocked enhancement New feature or request

Comments

@wagoodman
Copy link
Contributor

Today the debian DSA data has looks like this (in the workspace input dir):

[11 Nov 2024] DSA-5811-1 mpg123 - security update
	{CVE-2024-10573}
	[bookworm] - mpg123 1.31.2-1+deb12u1
[11 Nov 2024] DSA-5810-1 chromium - security update
	{CVE-2024-10826 CVE-2024-10827}
	[bookworm] - chromium 130.0.6723.116-1~deb12u1
[11 Nov 2024] DSA-5809-1 symfony - security update
	{CVE-2024-50340 CVE-2024-50342 CVE-2024-50343 CVE-2024-50345}
	[bookworm] - symfony 5.4.23+dfsg-1+deb12u3
[11 Nov 2024] DSA-5808-1 ghostscript - security update
	{CVE-2024-46951 CVE-2024-46952 CVE-2024-46953 CVE-2024-46955 CVE-2024-46956}
	[bookworm] - ghostscript 10.0.0~dfsg-11+deb12u6

From this we could derive at least publication date, and maybe discern modification date if a CVE is listed multiple times (needs investigation).

This will require the OS schema to be updated to allow for these kinds of fields #266

@wagoodman
Copy link
Contributor Author

Open question: how can we get this information for unsupported versions (e.g. debian 7)?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
blocked enhancement New feature or request
Projects
Status: No status
Development

No branches or pull requests

1 participant