diff options
author | Petter Reinholdtsen <pere@debian.org> | 2016-12-22 11:23:31 +0000 |
---|---|---|
committer | Petter Reinholdtsen <pere@debian.org> | 2016-12-22 11:23:31 +0000 |
commit | 4b9426d0b8c5179371eeddc980a2a9e8aa2eb42c (patch) | |
tree | b51f4da6e91420082e15fc2a729cc19bee9fc89d | |
parent | 7cb688824d4533c2cd97e2effa2cad697e5c0378 (diff) |
Document how to run bin/compare-nvd-cve.
git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47337 e39458fd-73e7-0310-bf30-c45bca0a0e42
-rw-r--r-- | Makefile | 11 | ||||
-rwxr-xr-x | bin/compare-nvd-cve | 11 |
2 files changed, 20 insertions, 2 deletions
@@ -247,4 +247,15 @@ update-nvd: done python bin/update-nvd data/nvd/nvdcve-*.xml +# Experimental code to compare the Debian and NVD CVE databases using +# CPE values as common key. +update-compare-nvd: + mkdir -p data/nvd2 + for x in $$(seq 2002 $$(date +%Y)) ; do \ + name=nvdcve-2.0-$$x.xml.gz; \ + wget -q -Odata/nvd2/$$name https://static.nvd.nist.gov/feeds/xml/cve/$$name || true ; \ + gzip -f -d data/nvd2/$$name || true; \ + done + bin/compare-nvd-cve 2> compare-nvd-cve.log + update-all: update-nvd update-lists update-packages update-oldstable update-stable update-security update-testing-security update-packages update-backports all diff --git a/bin/compare-nvd-cve b/bin/compare-nvd-cve index b2aa206eec..1fffbde745 100755 --- a/bin/compare-nvd-cve +++ b/bin/compare-nvd-cve @@ -45,10 +45,15 @@ while (<$fh>) { close $fh; # -# Fetched from http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2008.xml +# Fetched from http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz # for my $cvelist ( + "nvdcve-2.0-2016.xml", + "nvdcve-2.0-2015.xml", + "nvdcve-2.0-2014.xml", + "nvdcve-2.0-2013.xml", + "nvdcve-2.0-2012.xml", "nvdcve-2.0-2011.xml", "nvdcve-2.0-2010.xml", "nvdcve-2.0-2009.xml", @@ -57,9 +62,11 @@ for my $cvelist "nvdcve-2.0-2006.xml", "nvdcve-2.0-2005.xml", "nvdcve-2.0-2004.xml", + "nvdcve-2.0-2003.xml", + "nvdcve-2.0-2002.xml", ) { print STDERR "Loading $cvelist\n" if $debug; - my $ref = XMLin("../../" . $cvelist); + my $ref = XMLin("data/nvd2/" . $cvelist); for my $cve (sort {$b cmp $a} keys %{$ref->{entry}}) { print STDERR "Checking $cve\n" if $debug; my $entry = $ref->{entry}->{$cve}; |