A quick note to report progress on this issue. I'm having a hard time
working with CVS after such a long time, so I've set up a git repository
for the oval generator:
https://github.com/sdelafond/debian-oval
I started with Nicholas' parseJSON2Oval.py, and am making progress
toward aggregating in
It would be great to get this feature working again.
Is there anything in particular holding it up?
Do the patchsets still apply cleanly?
--
Marcus Furlong
Hi Nicholas,
sorry for the long delay in getting back to you on this topic. I finally
set aside the time to go through your work, and it's quite
impressive. I'll need to do a bit more testing, but we should be able to
integrate your contribution into the security repository, and use that
to provid
Attached is a working solution to this bug. Right now parsing the JSON
Security Tracker Information results in one definition per CVE. I
hope to reduce this to one definition per package. (Shouldn't be too
much work) Also included in the tar is are m
Looking at the JSON file we may just be able to get all the data from
there and generate a set of definitions just based off the security
tracker.
Either way now that the split is over with I have some extra time to
start working on this again.
--
On Mon, Oct 05, 2015 at 09:02:43PM +, Luedtke, Nicholas S wrote:
> Going forward is it safe to assume that
> "fixing versions" are arch independent?
Yes, these are per source package.
Cheers,
Moritz
On Tue, 29 Sep 2015 23:20:54 +0200 Sébastien Delafond
wrote:
> The URL is https://security-tracker.debian.org/tracker/data/json (listed
> from https://security-tracker.debian.org/tracker), and using any script
> language against this JSON data it's quite trivial to get the versio
The clean solution these days seems to be about querying the tracker via
the JSON entrypoint. It exposes that info, and avoids relying directly
on {CVE,DSA}/list. Modifying the DSA format itself is a bit involved,
and could have potentially far reaching consequences.
After researching information
Finally, got a chance to look at this and confirm what the others have
been saying. The simplest way would be to add an affected version line
to the DSA. But that may complicate other systems. That being said, I
could just parse from the security tracker unless there is another list
somewhere that
On Aug/04, Nicholas Luedtke wrote:
> Is this still an ongoing issue?
>
> As I am looking at bringing the MITRE Oval Interpreter (ovaldi) up to speed
> for Debian (by modifying and packaging) I am noticing that there have been
> no OVAL Definitions from Debian for quite some time. I can put forth s
Is this still an ongoing issue?
As I am looking at bringing the MITRE Oval Interpreter (ovaldi) up to
speed for Debian (by modifying and packaging) I am noticing that there
have been no OVAL Definitions from Debian for quite some time. I can put
forth some time in to looking at this, if it is
Per https://lists.debian.org/debian-www/2011/10/msg00064.html, the
proper way is apparently to parse DSA/list. I've only had a cursory look
so far, so I'm not sure yet how much effort that requires.
Cheers,
--Seb
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subj
I can give some help.
I try to understand the scripts.
One problem I noticed is that since the update of the DSA format (DSA-2134), we
lose the part where the corrected packages are listed:
--extract--
Fixed in:
Debian GNU/Linux 5.0 (lenny)
Source:
http://security
I will give it a try later this week, when I have some spare time.
Cheers,
--Seb
Hi,
On Tuesday 11 March 2014 17:06:33 Pierre Chifflier wrote:
> It seems the script to generate OVAL definitions is broken. As the
> maintainer of openscap, I would like to give a try to update the script
> and make the definitions work again.
> Is it possible to access the script? If so, where?
Hi,
It seems the script to generate OVAL definitions is broken. As the
maintainer of openscap, I would like to give a try to update the script
and make the definitions work again.
Is it possible to access the script? If so, where?
Thanks,
Pierre
On Mon, Feb 10, 2014 at 07:27:06PM +0100, Luciano Bello wrote:
> I think your contribution is necessary. Would you like to comment something
> out
> here? :)
As Raphael said, the OVAL script generation code is broken but can be fixed.
I just either need spare time to be able to work on this and/
Hi Javier,
Long time without contacting you :)
I filed bugs.debian.org/738199 some hours ago and raphael mentioned that
the project is not abandoned, but "just-broken".
luciano: well, oval itself hasn't been abandoned. It's mainly that
the script that generates the oval definitions for
Package: security.debian.org
Severity: wishlist
The page https://www.debian.org/security/oval/ contains information about Open
Vulnerability and Assessment Language (OVAL) [1] which is abandoned. Please
remove this section.
[1] https://wiki.debian.org/DebianOval
/luciano