On Tue, 29 Sep 2015 23:20:54 +0200 =?utf-8?Q?S=C3=A9bastien?= Delafond <s...@debian.org> wrote:
> The URL is https://security-tracker.debian.org/tracker/data/json (listed > from https://security-tracker.debian.org/tracker), and using any script > language against this JSON data it's quite trivial to get the version > fixing a given CVE, which should be the only thing missing for the > current DSA. The JSON file doesn't include architecture data that the previous .data files included for DSA's. Going forward is it safe to assume that "fixing versions" are arch independent? (At least for OVAL definition purposes) Prior to breaking, the generator would create separate definitions for each arch, even though often the updated package version would be the same. -- Nicholas Luedtke Linux for HP Helion OpenStack, Hewlett-Packard
