Permalink
Switch branches/tags
Nothing to show
Find file
Fetching contributors…
Cannot retrieve contributors at this time
302 lines (226 sloc) 10.4 KB
**
** This Changelog is kept for historical reasons.
** Please use the git commit log for more information.
**
** https://github.com/sjvermeu/cvechecker/commits/master
**
** (2017-03-27) Release 3.8
** (2017-03-13) Sven Vermeulen
- Fix bug about CVE data not being taken (seen as already existing
while it is not)
** (2017-03-01) Release 3.7
** (2017-03-01) Sven Vermeulen
- Support sequences in CVE longer than 4 positions
** (2016-09-19) Sven Vermeulen
- Use nvdcve-2.0-Modified.xml with capitalized M
** (2015-11-07) Release 3.6
** (2015-11-06) Sven Vermeulen
- Download compressed NVD XML files
** (2015-08-08) Christopher Warner
- Add .gitignore cleanups
- Remove AM_PROG_CC_C_O as AC_PROG_CC was rewritten to implement the check for C compiler supporting -c and -o options together
- Remove deprecated form of macro call for AM_INIT_AUTOMAKE
- AC_MSG_WARN([Please make sure pkg-config is installed and autoreconf run])
- INCLUDES has been depreacted for AM_CPPFLAGS
- Make sqlite the default DB
- Update depcomp
- Update missing
- Refresh install-sh
- README to README.md minor cleanup
- Delete README
- Update this ChangeLog
** (2014-07-07) Sven Vermeulen
- Drop all .svn dirs (thx to Jason Zaman)
** (2014-02-28) Christopher Meng
- Add check for wget availability
** (2013-10-20) Sven Vermeulen
- Do not reuse rc variable when checking upgrade return codes (as rc
contained a string length)
** (2013-09-30) Release 3.5
** (2013-09-20) Sven Vermeulen
- Add LICENSE to distribution archive
- Update feature request document with request for handling false
positives (ack/ignore) from within cvechecker
** (2013-09-17) Sven Vermeulen
- Report by cvereport should show all files in scope
** (2013-09-17) Release 3.4
** (2013-09-17) Sven Vermeulen
- Quote variables in pullcves, otherwise the tests (such as "is empty")
have wrong return values (resulting in a hanging pullcves command)
** (2013-09-16) Release 3.3
** (2013-08-17) Anne Mulhern <e-mail redacted>
- Support configuration file lookup through the CVECHECKER_CONFFILE
environment variable
** (2013-08-17) Sven Vermeulen
- Some CVEs mention CPEs without version
- Update documents with latest developments
** (2013-08-15) Sven Vermeulen
- Further improve error handling
- Update default location for versions.dat to github URL
- Remove versions.dat with a pullcves cleancache
- Feed tb_cpe_versions table if it is not "full"
- Allow binlist to be stdin if "-" is provided
** (2013-08-14) Sven Vermeulen
- Exit gracefully in pullcves
** (2013-08-14) Anne Mulhern <e-mail redacted>
- Handle cvechecker return codes in pullcves
- Properly bail out if CPE data is not correctly formatted
** (2013-08-11) Anne Mulhern <e-mail redacted>
- Fix zero cpeids in tb_binmatch table
- Improve return code handling in sqlite code
** (2013-08-11) Sven Vermeulen <sven.vermeulen@siphos.be>
- Check on CPE field sizes to prevent potential overflows
- Check on CVE field sizes before loading into database
- Use LARGEFIELDSIZE for contentmatch column (tb_versionmatch) and
C-type variables related to the content match
- Introduce database fixing for MySQL
- Remove unused variables
** (2013-07-08) Sven Vermeulen <sven.vermeulen@siphos.be>
- Handle cve data file open failures correctly
- Bail out when SQL instruction in SQLite fails
** (2013-02-04) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add fix for cpe:language when additional ':' was provided (Thanks to
Arnaud Fileux)
** (2012-11-25) Release 3.2
** (2012-11-25) Sven Vermeulen <sven.vermeulen@siphos.be>
- Fix declarations for dummy database handlers wrt cvss scoring
** (2012-05-13) Sven Vermeulen <sven.vermeulen@siphos.be>
- Use memset in zero_string
- Clean up buffers before reusing (suggestion by Francesco Colista)
** (2012-04-20) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add check on xsltproc (reported by Scott Garman)
** (2012-01-22) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add CVSS scoring information to the report
** (2011-07-21) Sven Vermeulen <sven.vermeulen@siphos.be>
- Update buffer size checks
** (2011-04-13) Release 3.1
** (2011-04-11) Sven Vermeulen <sven.vermeulen@siphos.be>
- Sanitize hostname/userdefkey in MySQL implementation
- Fix weird bug when both sqlite and mysql support is requested
** (2011-04-11) Release 3.0
** (2011-04-11) Sven Vermeulen <sven.vermeulen@siphos.be>
- Fix reporting on existing entries in the database
- Fix reporting on software installation (header mismatch)
- Fix cpepart error in reporting (MySQL)
- Update documentation and manual pages
- Update MySQL to InnoDB and use foreign keys for referential
integrity
** (2011-04-10) Sven Vermeulen <sven.vermeulen@siphos.be>
- Improve CVE loadtime
- Enhance pullcves to deduce dates rather than hardcode them
- Updates on documentation and manual pages
** (2011-04-01) Sven Vermeulen <sven.vermeulen@siphos.be>
- More MySQL support
** (2011-04-01) Sven Vermeulen <sven.vermeulen@siphos.be>
- Pull up fieldsize from 64 to 128 characters
- Make sizes a bit more manageable
- Drop some dead code
** (2011-03-24) Sven Vermeulen <sven.vermeulen@siphos.be>
- Start framework to support MySQL
** (2011-02-24) Sven Vermeulen <sven.vermeulen@siphos.be>
- Allow pullcves to pull information of 2011 too
** (2011-02-21) Sven Vermeulen <sven.vermeulen@siphos.be>
- Support watchlist (provide software titles not detected by
cvechecker)
** (2010-12-01) Release 2.0
** (2010-12-01) Sven Vermeulen <sven.vermeulen@siphos.be>
- Make scripts more generic (not Gentoo specific)
** (2010-11-27) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add manpages for scripts
** (2010-11-26) Sven Vermeulen <sven.vermeulen@siphos.be>
- Do not allow unquoted " characters in contentmatch
- Add scripts to provide easier versions.dat rules
** (2010-11-02) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add index on tb_cve for CPE data
- Cleanup of code
** (2010-11-01) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add support for 'higher version' reporting (but still
has a lot of quirks to resolve).
** (2010-10-30) Sven Vermeulen <sven.vermeulen@siphos.be>
- Adding delta processing of binary files
** (2010-10-01) Release 1.0
** (2010-09-10) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add link to CVE details in report
- More error handling / buffer overflow fixes
** (2010-09-08) Release 0.6
** (2010-09-08) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add indexes on sqlite3 databases (performance impact)
- Add support to view detected software
** (2010-09-04) Sven Vermeulen <sven.vermeulen@siphos.be>
- Fix bug in pullcves when it is an initial pull (which failed)
** (2010-09-04) Sven Vermeulen <sven.vermeulen@siphos.be>
- Use posix sh for distributed scripts
- Do not distribute previous sample files (part of cvereport now)
** (2010-09-03) Sven Vermeulen <sven.vermeulen@siphos.be>
- Use '...' around files in strings command
- Fix buffer overrun in search_and_substitute_group
- Disallow files with "," in their name
- CVEs whose CPE shows less information than those stored in the
database should be shown as vulnerabilities (say "foo version 1.2" is
vulnerable, then "foo version 1.2, edition 3" should be marked as
vulnerable as well).
- Create tables for tb_cpe_(aho)_64 (after all, we created the
database as well)
- Fix bug in regular expression group substitution
- Automatically update database (fix process)
** (2010-09-02) Release 0.5
** (2010-09-01) Nigel Horne <njh@bandsman.co.uk>
- Update configure.ac for FreeBSD builds
- Update configure.ac for NetBSD builds
- Lower libconfig requirement to 1.3
** (2010-09-01) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add /usr/local/include for FreeBSD builds
- Lower autoconf/automake required versions
- Add cvereport script for reporting purposes
** (2010-08-29) Sven Vermeulen <sven.vermeulen@siphos.be>
- Update pullcves to only import differences with last pull (for CVEs)
- Add "cleancache" in pullcves
** (2010-08-26) Sven Vermeulen <sven.vermeulen@siphos.be>
- Random code cleanups, also build with -Wall now
** (2010-08-25) Release 0.4
** (2010-08-25) Sven Vermeulen <sven.vermeulen@siphos.be>
- Remove unneeded error message (cosmetic)
- XSL transformation scripts are not distributed properly
- Add pullcves manual page
- Support different returncodes for pullcves + only download/import
when needed (feature request of Nigel Horne <njh@bandsman.co.uk>)
** (2010-08-04) Nigel Horne <njh@bandsman.co.uk>
- Add cvedebian script as integrator between cvechecker and Debian's
security information
** (2010-08-24) Sven Vermeulen <sven.vermeulen@siphos.be>
- Reorganize project repository (src, docs,data, conf, scripts)
- Fix bug where file->cpe matches keep on being added instead of
overwritten
- Add better description on error messages (reported by Nigel Horne
<njh@bandsman.co.uk>)
- Add check for argp.h (reported by Nigel Horne <njh@bandsman.co.uk>)
- Add feature requests documentation
- Add gentoo scripts to help add new version matching data
** (2010-08-20) Release 0.3
** (2010-08-20) Sven Vermeulen <sven.vermeulen@siphos.be>
- Remove debug/verbose stuff, gdb is far too powerful to ignore
- Make CSV output version-specific in case future versions deviate
from the current CSV output format
- Add example files for reporting
** (2010-08-18) Sven Vermeulen <sven.vermeulen@siphos.be>
- Add "--no-check-certificate" to wget calls to allow for sourceforge
pulls even when the sourceforge site's certificates are not known
(reported by Nigel Horne <njh@bandsman.co.uk>)
** (2010-08-17) Sven Vermeulen <sven.vermeulen@siphos.be>
- Fix filename matching (bug was that only full names matched)
- Add some debugging support in the application (show SQL commands)
** (2010-08-16) Sven Vermeulen <sven.vermeulen@siphos.be>
- Support for reading /proc/version (not executable, we shouldn't only
focus on executables, some libraries are interesting as well) to get
the Linux kernel version
** (2010-08-16) Release 0.2
** (2010-08-16) Sven Vermeulen <sven.vermeulen@siphos.be>
- Fix configure.ac and Makefile.am to better conform with
autotools/automake rules and guidelines (for instance, now supports
"make install" command)
- Fix compiler warnings about int versus size_t (%d should be %uz)
- Update pullcves, now support pulling versions.dat file as well
- Update cvechecker, now checks /usr/local/etc/cvechecker.conf as well
** (2010-08-14) Release 0.1
** (2010-08-14) Sven Vermeulen <sven.vermeulen@siphos.be>
- Initial release