Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
doc
 
 
 
 
src
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

arch-audit

crats.io Build Status FOSSA Status

pkg-audit-like utility for Arch Linux.

Uses data collected by the awesome Arch Security Team.

Installation

Latest release from official repositories

pacman -S arch-audit

Development version from AUR

The PKGBUILD is available on AUR.

After the installation just execute arch-audit.

Development version from sources

git clone https://github.com/ilpianista/arch-audit
cd arch-audit
cargo build
cargo run

Example output

$ arch-audit
Package bzip2 is affected by CVE-2016-3189. Medium risk!
Package curl is affected by CVE-2016-9594, CVE-2016-9586. Update to 7.52.1-1!
Package gst-plugins-bad is affected by CVE-2016-9447, CVE-2016-9446, CVE-2016-9445. High risk!
Package jasper is affected by CVE-2016-8886. Medium risk!
Package libimobiledevice is affected by CVE-2016-5104. Low risk!
Package libtiff is affected by CVE-2015-7554. Critical risk!
Package libusbmuxd is affected by CVE-2016-5104. Low risk!
Package openjpeg2 is affected by CVE-2016-9118, CVE-2016-9117, CVE-2016-9116, CVE-2016-9115, CVE-2016-9114, CVE-2016-9113. High risk!
Package openssl is affected by CVE-2016-7055. Low risk!

$ arch-audit --upgradable --quiet
curl>=7.52.1-1

$ arch-audit -uf "%n|%c"
curl|CVE-2016-9594,CVE-2016-9586

Donate

Donations via Liberapay or Bitcoin (1Ph3hFEoQaD4PK6MhL3kBNNh9FZFBfisEH) are always welcomed, thank you!

False Positive

Please before reporting false positive check https://security.archlinux.org first. arch-audit parses that page and then if that page reports a false positive, arch-audit will do too. Get in touch with the Arch Linux Security team via IRC at freenode#archlinux-security. Thanks!

License

MIT

FOSSA Status

You can’t perform that action at this time.