<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/meta-security.git/scripts, branch mut</title>
<subtitle>Mirror of git.yoctoproject.org/meta-security.git</subtitle>
<id>https://git.enea.com/cgit/linux/meta-security.git/atom?h=mut</id>
<link rel='self' href='https://git.enea.com/cgit/linux/meta-security.git/atom?h=mut'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/'/>
<updated>2019-05-27T04:58:33+00:00</updated>
<entry>
<title>cvert-kernel - generate CVE report for the Linux kernel</title>
<updated>2019-05-27T04:58:33+00:00</updated>
<author>
<name>Andrii Bordunov via Openembedded-core</name>
<email>openembedded-core@lists.openembedded.org</email>
</author>
<published>2018-10-10T16:25:10+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=0fc645a94696d7643ac2bbce9f9682376b845ec6'/>
<id>urn:sha1:0fc645a94696d7643ac2bbce9f9682376b845ec6</id>
<content type='text'>
NVD entries for the Linux kernel are almost always outdated.
For example, https://nvd.nist.gov/vuln/detail/CVE-2018-1065
is shown as matched for "versions up to (including) 4.15.7",
however the patch 57ebd808a97d has been back ported for 4.14.

By default, it checks NVD Resource entries for the patch
URLs and looks for the commits in the local GIT tree.

Additionaly ("--resource") it checks other resources, that
may have up-to-date CVE data. You can combine resources and
decide which one you want to be based on.

Signed-off-by: grygorii tertychnyi &lt;gtertych@cisco.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
<entry>
<title>cve-report: add scripts to generate CVE reports</title>
<updated>2019-05-27T04:58:33+00:00</updated>
<author>
<name>Andrii Bordunov via Openembedded-core</name>
<email>openembedded-core@lists.openembedded.org</email>
</author>
<published>2018-10-10T16:25:09+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/meta-security.git/commit/?id=fbc9b4607569520c92baf1352041c813606e8524'/>
<id>urn:sha1:fbc9b4607569520c92baf1352041c813606e8524</id>
<content type='text'>
cvert-foss - generate CVE report for the list of packages.
  Analyze the whole image manifest to align with the complex
  CPE configurations.

cvert-update - update NVD feeds and store CVE structues dump.
  CVE dump is a pickled representation of the cve_struct dictionary.

cvert.py - python library used by cvert-* scripts.
  NVD JSON Vulnerability Feeds https://nvd.nist.gov/vuln/data-feeds#JSON_FEED

Usage examples:

  o Download CVE feeds to "nvdfeed" directory
    % cvert-update nvdfeed
  o Update CVE feeds and store a dump in a file
    % cvert-update --store cvedump nvdfeed
  o Generate a CVE report
    % cvert-foss --feed-dir nvdfeed --output report-foss.txt cve-manifest
  o (faster) Use dump file to generate a CVE report
    % cvert-foss --restore cvedump --output report-foss.txt cve-manifest
  o Generate a full report
    % cvert-foss --restore cvedump --show-description --show-reference \
                 --output report-foss-full.txt cve-manifest

Manifest example:

  bash,4.2,CVE-2014-7187
  python,2.7.35,
  python,3.5.5,CVE-2017-17522 CVE-2018-1061

Report example:

    patched |  7.5 | CVE-2018-1061      | python | 3.5.5
    patched | 10.0 | CVE-2014-7187      | bash | 4.2
    patched |  8.8 | CVE-2017-17522     | python | 3.5.5
  unpatched | 10.0 | CVE-2014-6271      | bash | 4.2
  unpatched | 10.0 | CVE-2014-6277      | bash | 4.2
  unpatched | 10.0 | CVE-2014-6278      | bash | 4.2
  unpatched | 10.0 | CVE-2014-7169      | bash | 4.2
  unpatched | 10.0 | CVE-2014-7186      | bash | 4.2
  unpatched |  4.6 | CVE-2012-3410      | bash | 4.2
  unpatched |  8.4 | CVE-2016-7543      | bash | 4.2
  unpatched |  5.0 | CVE-2010-3492      | python | 2.7.35
  unpatched |  5.3 | CVE-2016-1494      | python | 2.7.35
  unpatched |  6.5 | CVE-2017-18207     | python | 3.5.5
  unpatched |  6.5 | CVE-2017-18207     | python | 2.7.35
  unpatched |  7.1 | CVE-2013-7338      | python | 2.7.35
  unpatched |  7.5 | CVE-2018-1060      | python | 3.5.5
  unpatched |  8.8 | CVE-2017-17522     | python | 2.7.35

Signed-off-by: grygorii tertychnyi &lt;gtertych@cisco.com&gt;
Signed-off-by: Armin Kuster &lt;akuster808@gmail.com&gt;
</content>
</entry>
</feed>
