
Get triage data from Debian Security Tracker repo (data/CVE/list) #3

@sh4sm


We want to enrich the CVEs we get from CVEListV5 with information from the Debian Security Tracker.

The repo for the Debian Security Tracker contains the file data/CVE/list, which is one text file that contains all CVEs and the related triage information from the Debian Security team. Fetch the latest version of the repo, parse this file and extract the information related to each CVE, such that we can later use it to make our own triage decisions.

Especially important are the relations between the CVEs and Debian packages, since we can later use this information to create our own mapping from the CPEs of a CVE to a Debian package.

Also other parts like the optional notes could be useful later.

The file also links to corresponding Debian Security Advisory (DSA) and Debian Long Term Support Security Advisory (DLA). For now we can ignore these relations, since we first have to find out if this information is useful for us. The current build process does not consume packages from the security repositories for which these DSAs and DLAs are created.
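
An added example, not part of the original issue or the project's code: a minimal parser for the data/CVE/list layout, assuming unindented CVE header lines followed by indented annotation lines (package status, `NOTE:`, and `{DSA/DLA}` references, which are skipped as the issue suggests). The sample input is constructed, and the names `Entry` and `parse_cve_list` are hypothetical.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of data/CVE/list (not real tracker data).
SAMPLE = (
    "CVE-2099-0001 (Constructed description of a flaw in examplepkg ...)\n"
    "\t{DSA-0000-1}\n"
    "\t- examplepkg 1.2.3-1 (bug #100000)\n"
    "\t[bookworm] - examplepkg <no-dsa> (Minor issue)\n"
    "\tNOTE: https://example.org/advisory\n"
    "CVE-2099-0002\n\tRESERVED\n"
    "CVE-2099-0003 (Constructed description)\n\tNOT-FOR-US: ExampleVendor product\n"
)

HEADER = re.compile(r"^(CVE-\d{4}-\d+)(?:\s+\((.*)\))?\s*$")
PKG = re.compile(
    r"^(?:\[(?P<release>[\w-]+)\]\s+)?-\s+(?P<package>\S+)"
    r"(?:\s+(?P<status>[^\s(]+))?(?:\s+\((?P<detail>.*)\))?\s*$")

@dataclass
class Entry:
    cve: str
    description: str = ""
    packages: list = field(default_factory=list)  # dicts: release/package/status/detail
    notes: list = field(default_factory=list)     # text after "NOTE:"
    flags: list = field(default_factory=list)     # any other annotation, kept verbatim

def parse_cve_list(text):
    """Return {cve_id: Entry}; unrecognised header lines and their bodies are skipped."""
    entries, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # unindented line starts a new entry
            m = HEADER.match(raw)
            cur = Entry(m.group(1), m.group(2) or "") if m else None
            if cur is not None:
                entries[cur.cve] = cur
        elif cur is None or line.startswith("{"):
            continue  # orphan line, or DSA/DLA cross-references (ignored for now)
        elif m := PKG.match(line):
            cur.packages.append(m.groupdict())
        elif line.startswith("NOTE:"):
            cur.notes.append(line[5:].strip())
        else:
            cur.flags.append(line)  # e.g. RESERVED, NOT-FOR-US: ..., TODO: ...
    return entries
```

Annotation lines the parser does not recognise are kept in `flags` rather than dropped, so a later change to the file's layout shows up in the data instead of silently losing triage information.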
