Package: security.debian.org Currently the Debian OVAL lack (critical) information from the files, specifically the severity setting of the patch.
I wanted to ask if it would be possible for the XML files that the script you run will include the <severity> rating of the DSA advisory? The DSA advisory itself doesn't include the severity but the CVE do, so scraping the information from the NIST site would allow you to know what is the severity ( by taking each CVE's CVSSv3 score and seeing which number is "highest" ) If you agree to this, and need help getting this to work, I can lend a hand - I can provide code on how to "harvest" the NVD NIST site for the information, or take the information from NDV NIST's XML files (which they provide) -- Thanks, Noam Rathaus Beyond Security PGP Key ID: 2D24B275B1EB4475 (Exp 2018-03)
