<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git, branch mut</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=mut</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=mut'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2019-05-27T04:58:33+00:00</updated>
<entry>
<title>cve-report.bbclass: add class</title>
<updated>2019-05-27T04:58:33+00:00</updated>
<author>
<name>Andrii Bordunov via Openembedded-core</name>
<email>openembedded-core@lists.openembedded.org</email>
</author>
<published>2018-10-10T16:25:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=7c08edc7f5d3a1e4c4552509b907baf9cadb279a'/>
<id>urn:sha1:7c08edc7f5d3a1e4c4552509b907baf9cadb279a</id>
<content type='text'>
Implements "report_cve" and "report_patched" tasks.

"report_patched" prepares image manifest with patched CVE info.
"report_cve" runs cvert-* scripts to generate kernel and package CVE reports.

You can configure it to set report filenames, reuse NVD feeds,
stop after manifest generation and ignore specific classes,
like native, nativesdk, etc.

Signed-off-by: grygorii tertychnyi &lt;gtertych@cisco.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>cvert-kernel - generate CVE report for the Linux kernel</title>
<updated>2019-05-27T04:58:33+00:00</updated>
<author>
<name>Andrii Bordunov via Openembedded-core</name>
<email>openembedded-core@lists.openembedded.org</email>
</author>
<published>2018-10-10T16:25:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=0fc645a94696d7643ac2bbce9f9682376b845ec6'/>
<id>urn:sha1:0fc645a94696d7643ac2bbce9f9682376b845ec6</id>
<content type='text'>
NVD entries for the Linux kernel are almost always outdated.
For example, https://nvd.nist.gov/vuln/detail/CVE-2018-1065
is shown as matched for "versions up to (including) 4.15.7",
however the patch 57ebd808a97d has been back ported for 4.14.

By default, it checks NVD Resource entries for the patch
URLs and looks for the commits in the local GIT tree.

Additionaly ("--resource") it checks other resources, that
may have up-to-date CVE data. You can combine resources and
decide which one you want to be based on.

Signed-off-by: grygorii tertychnyi &lt;gtertych@cisco.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>cve-report: add scripts to generate CVE reports</title>
<updated>2019-05-27T04:58:33+00:00</updated>
<author>
<name>Andrii Bordunov via Openembedded-core</name>
<email>openembedded-core@lists.openembedded.org</email>
</author>
<published>2018-10-10T16:25:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=fbc9b4607569520c92baf1352041c813606e8524'/>
<id>urn:sha1:fbc9b4607569520c92baf1352041c813606e8524</id>
<content type='text'>
cvert-foss - generate CVE report for the list of packages.
  Analyze the whole image manifest to align with the complex
  CPE configurations.

cvert-update - update NVD feeds and store CVE structues dump.
  CVE dump is a pickled representation of the cve_struct dictionary.

cvert.py - python library used by cvert-* scripts.
  NVD JSON Vulnerability Feeds https://nvd.nist.gov/vuln/data-feeds#JSON_FEED

Usage examples:

  o Download CVE feeds to "nvdfeed" directory
    % cvert-update nvdfeed
  o Update CVE feeds and store a dump in a file
    % cvert-update --store cvedump nvdfeed
  o Generate a CVE report
    % cvert-foss --feed-dir nvdfeed --output report-foss.txt cve-manifest
  o (faster) Use dump file to generate a CVE report
    % cvert-foss --restore cvedump --output report-foss.txt cve-manifest
  o Generate a full report
    % cvert-foss --restore cvedump --show-description --show-reference \
                 --output report-foss-full.txt cve-manifest

Manifest example:

  bash,4.2,CVE-2014-7187
  python,2.7.35,
  python,3.5.5,CVE-2017-17522 CVE-2018-1061

Report example:

    patched |  7.5 | CVE-2018-1061      | python | 3.5.5
    patched | 10.0 | CVE-2014-7187      | bash | 4.2
    patched |  8.8 | CVE-2017-17522     | python | 3.5.5
  unpatched | 10.0 | CVE-2014-6271      | bash | 4.2
  unpatched | 10.0 | CVE-2014-6277      | bash | 4.2
  unpatched | 10.0 | CVE-2014-6278      | bash | 4.2
  unpatched | 10.0 | CVE-2014-7169      | bash | 4.2
  unpatched | 10.0 | CVE-2014-7186      | bash | 4.2
  unpatched |  4.6 | CVE-2012-3410      | bash | 4.2
  unpatched |  8.4 | CVE-2016-7543      | bash | 4.2
  unpatched |  5.0 | CVE-2010-3492      | python | 2.7.35
  unpatched |  5.3 | CVE-2016-1494      | python | 2.7.35
  unpatched |  6.5 | CVE-2017-18207     | python | 3.5.5
  unpatched |  6.5 | CVE-2017-18207     | python | 2.7.35
  unpatched |  7.1 | CVE-2013-7338      | python | 2.7.35
  unpatched |  7.5 | CVE-2018-1060      | python | 3.5.5
  unpatched |  8.8 | CVE-2017-17522     | python | 2.7.35

Signed-off-by: grygorii tertychnyi &lt;gtertych@cisco.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>image: add image for testing</title>
<updated>2019-05-27T04:58:11+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-27T01:20:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=de00a8fd41b576d6b2afc4d457ed6f3f6eeb273a'/>
<id>urn:sha1:de00a8fd41b576d6b2afc4d457ed6f3f6eeb273a</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>runtime qa: moderize ima test</title>
<updated>2019-05-27T04:58:11+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-18T15:39:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=0acb5d2c7dcacc63f10ca71044b4d80e82d90684'/>
<id>urn:sha1:0acb5d2c7dcacc63f10ca71044b4d80e82d90684</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>initramfs: clean up to pull in packages.</title>
<updated>2019-05-27T04:58:11+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-26T18:28:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=f5e9ba656e2350cbc5b373df307af2d460f1f6f0'/>
<id>urn:sha1:f5e9ba656e2350cbc5b373df307af2d460f1f6f0</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>data: remove policies</title>
<updated>2019-05-27T04:58:11+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-26T06:12:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=1bbd9d70f77e67a3a8204a542763b7310c9dd1cc'/>
<id>urn:sha1:1bbd9d70f77e67a3a8204a542763b7310c9dd1cc</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>policy: add ima appraise all policy</title>
<updated>2019-05-27T04:58:11+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-26T06:10:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=17acb4ec73bce3aef39569b0d9f14f598ef3dd47'/>
<id>urn:sha1:17acb4ec73bce3aef39569b0d9f14f598ef3dd47</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima_policy_simple: add another sample policy</title>
<updated>2019-05-27T04:58:11+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-26T06:04:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=cc754f8e8fc67ebae3dcd5e170cecd1c3b7fc60f'/>
<id>urn:sha1:cc754f8e8fc67ebae3dcd5e170cecd1c3b7fc60f</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>ima-policy-hashed: add new recipe</title>
<updated>2019-05-27T04:58:11+00:00</updated>
<author>
<name>Armin Kuster</name>
<email>akuster808@gmail.com</email>
</author>
<published>2019-05-21T14:09:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=e6162d49f9f0c98826550a6ba85f9ec0865be94c'/>
<id>urn:sha1:e6162d49f9f0c98826550a6ba85f9ec0865be94c</id>
<content type='text'>
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
