Document how to run bin/compare-nvd-cve.

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@47337 e39458fd-73e7-0310-bf30-c45bca0a0e42

2 files changed, 20 insertions, 2 deletions

diff --git a/Makefile b/Makefile
index 7d296c7afb..4e56cd3d66 100644
--- a/Makefile
+++ b/Makefile
@@ -247,4 +247,15 @@ update-nvd:
 	done
 	python bin/update-nvd data/nvd/nvdcve-*.xml
 
+# Experimental code to compare the Debian and NVD CVE databases using
+# CPE values as common key.
+update-compare-nvd:
+	mkdir -p data/nvd2
+	for x in $$(seq 2002 $$(date +%Y)) ; do \
+	  name=nvdcve-2.0-$$x.xml.gz; \
+	  wget -q -Odata/nvd2/$$name https://static.nvd.nist.gov/feeds/xml/cve/$$name || true ; \
+	  gzip -f -d data/nvd2/$$name || true; \
+	done
+	bin/compare-nvd-cve 2> compare-nvd-cve.log
+
 update-all: update-nvd update-lists update-packages update-oldstable update-stable update-security update-testing-security update-packages update-backports all
diff --git a/bin/compare-nvd-cve b/bin/compare-nvd-cve
index b2aa206eec..1fffbde745 100755
--- a/bin/compare-nvd-cve
+++ b/bin/compare-nvd-cve
@@ -45,10 +45,15 @@ while (<$fh>) {
 close $fh;
 
 #
-# Fetched from http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2008.xml
+# Fetched from http://static.nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-2016.xml.gz
 #
 for my $cvelist
     (
+     "nvdcve-2.0-2016.xml",
+     "nvdcve-2.0-2015.xml",
+     "nvdcve-2.0-2014.xml",
+     "nvdcve-2.0-2013.xml",
+     "nvdcve-2.0-2012.xml",
      "nvdcve-2.0-2011.xml",
      "nvdcve-2.0-2010.xml",
      "nvdcve-2.0-2009.xml",
@@ -57,9 +62,11 @@ for my $cvelist
      "nvdcve-2.0-2006.xml",
      "nvdcve-2.0-2005.xml",
      "nvdcve-2.0-2004.xml",
+     "nvdcve-2.0-2003.xml",
+     "nvdcve-2.0-2002.xml",
     ) {
     print STDERR "Loading $cvelist\n" if $debug;
-    my $ref = XMLin("../../" . $cvelist);
+    my $ref = XMLin("data/nvd2/" . $cvelist);
     for my $cve (sort {$b cmp $a} keys %{$ref->{entry}}) {
         print STDERR "Checking $cve\n" if $debug;
         my $entry = $ref->{entry}->{$cve};