The purpose of checkvuln is to audit installed software against a number of vulnerability databases.
checkvuln is currently compatible with MacPorts.
checkvuln is currently compatible with the Vulnerability and eXposure Markup Language (VuXML) list managed by the FreeBSD project. Unlike the advisories published by a lot of OSS distributors, the VuXML list is kept up to date regardless of whether a fix exists, which shortens the delay before the end user is informed.
Use setup.py:
$ python setup.py install
Example configuration (~/.checkvuln/checkvuln.cfg):
[output]
fmt = {name}-{version}: {summary}

[remote.vuxml]
url = https://svn.freebsd.org/ports/head/security/vuxml/vuln.xml
cafile = ~/.checkvuln/cafile.pem
cache = ~/.checkvuln/vuxml.xml
modified = ~/.checkvuln/vuxml.mod

[local.macports]
database = /opt/local/var/macports/registry/registry.db
remote = remote.vuxml
And run checkvuln:
$ checkvuln
fetching remote.vuxml -- this may take a while..
libxml2-2.9.2: libxml2 -- Enforce the reader to run in constant memory
openssl-1.0.2: openssl -- multiple vulnerabilities
python27-2.7.6: Python -- buffer overflow in socket.recvfrom_into()
sqlite3-3.8.8.3: sqlite -- multiple vulnerabilities
Works with Python 3.x and 2.7.10.
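
As an added illustration (not checkvuln's own code), the sketch below shows how a {name: version} inventory can be matched against VuXML <range> bounds and rendered with the fmt template from the example configuration. The VuXML sample is constructed, the function names are hypothetical, and the version comparison is a simplification that does not treat FreeBSD port revisions (_N) or epochs (,N) specially.

```python
import operator
import re
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}
OPS = {n: getattr(operator, n) for n in ("lt", "le", "gt", "ge", "eq")}

# Constructed VuXML sample for this example (not real advisory data).
SAMPLE_VUXML = """<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000001">
    <topic>examplelib -- constructed buffer overflow</topic>
    <affects><package><name>examplelib</name>
      <range><ge>2.0</ge><lt>2.9.3</lt></range></package></affects>
  </vuln>
  <vuln vid="00000000-0000-0000-0000-000000000002">
    <topic>exampletool -- constructed issue without a fix</topic>
    <affects><package><name>exampletool</name>
      <range><le>1.4.10</le></range></package></affects>
  </vuln>
</vuxml>"""

def vkey(version):
    """Simplified sort key (assumption): digit runs compare as ints, letters as text."""
    parts = re.findall(r"\d+|[a-z]+", version.lower())
    return [(1, int(p), "") if p.isdigit() else (0, 0, p) for p in parts]

def in_range(version, range_el):
    """True when version satisfies every bound (<lt>, <le>, <ge>, ...) of one <range>."""
    return all(OPS[b.tag.split("}")[-1]](vkey(version), vkey(b.text.strip()))
               for b in range_el)

def audit(installed, vuxml_text, fmt="{name}-{version}: {summary}"):
    """Match a {name: version} inventory against VuXML and return formatted findings."""
    root = ET.fromstring(vuxml_text)
    findings = []
    for vuln in root.findall("v:vuln", NS):
        summary = vuln.findtext("v:topic", default="", namespaces=NS)
        for pkg in vuln.findall("v:affects/v:package", NS):
            names = {n.text for n in pkg.findall("v:name", NS)}
            ranges = pkg.findall("v:range", NS)
            for name in sorted(names & set(installed)):
                if any(in_range(installed[name], r) for r in ranges):
                    findings.append(fmt.format(name=name, version=installed[name],
                                               summary=summary))
    return findings

if __name__ == "__main__":
    inventory = {"examplelib": "2.9.2", "exampletool": "1.4.10", "otherpkg": "3.0"}
    print("\n".join(audit(inventory, SAMPLE_VUXML)))
```

The second constructed entry has only an upper bound that includes the newest version, which is how an advisory without a fix still produces a finding.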