[Slackbuilds-users] package auditing tool at slackbuilds.org

David Spencer baildon.research at googlemail.com
Mon Sep 4 13:25:21 UTC 2017


On 4 September 2017 at 00:09, Donald Cooley <chytraeu at sdf.org> wrote:
> Hello,
> is there a tool that lists installed packages that are vulnerable
> against a database of some kind? I thought there was one I had used
> before, but I am unable to recall the name of it. I'm thinking of
> something similar to pkg audit of FreeBSD.

Hi Donald

There's cve-check-tool
https://slackbuilds.org/repository/14.2/system/cve-check-tool/

Of course there are multiple issues to think about -- variations in
package naming and version parsing, whether one database is
sufficient, whether the vulnerabilities are realistic, whether our
builds are actually vulnerable...

The database for cve-check-tool is 550 Mb, but the FreeBSD database is
5Mb and the NetBSD database is less than 1.3 Mb.  Hmmm.

Cheers
-D.
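
The package-naming and version-parsing issues mentioned in the message above, as an added example that is not part of the original post and is not how cve-check-tool works. The package entries, advisory records and alias map are constructed for illustration; the only Slackware-specific assumption is the name-version-arch-build package naming convention.

```python
import re

# Constructed sample: entries in the style of /var/log/packages on Slackware.
INSTALLED = [
    "openssl-1.0.2k-x86_64-1",
    "xz-5.2.2-x86_64-1",
    "cve-check-tool-5.6.4-x86_64-1_SBo",
    "python-requests-2.9.1-x86_64-1_SBo",
]

# Constructed advisory records (not real CVE data): upstream product, first fixed version.
ADVISORIES = [
    {"id": "EXAMPLE-0001", "product": "openssl", "fixed_in": "1.0.2l"},
    {"id": "EXAMPLE-0002", "product": "requests", "fixed_in": "2.20.0"},
    {"id": "EXAMPLE-0003", "product": "xz", "fixed_in": "5.2.2"},
]

# Hypothetical alias map: local package name -> name used by the advisory database.
ALIASES = {"python-requests": "requests"}

def parse_package(entry):
    """Split name-version-arch-build from the right, since the name may contain hyphens."""
    name, version, arch, build = entry.rsplit("-", 3)
    return {"name": name, "version": version, "arch": arch, "build": build}

def version_key(version):
    """Sort key: digit runs compare as integers, letter runs as strings."""
    # Limitation: pre-release suffixes such as "rc1" sort after the plain release.
    tokens = re.findall(r"\d+|[A-Za-z]+", version)
    return [(0, int(t), "") if t.isdigit() else (1, 0, t) for t in tokens]

def audit(installed, advisories, aliases):
    """Return (advisory id, package entry) pairs where installed version < fixed_in."""
    findings = []
    for entry in installed:
        pkg = parse_package(entry)
        product = aliases.get(pkg["name"], pkg["name"])
        for adv in advisories:
            if adv["product"] != product:
                continue
            if version_key(pkg["version"]) < version_key(adv["fixed_in"]):
                findings.append((adv["id"], entry))
    return findings

if __name__ == "__main__":
    for adv_id, entry in audit(INSTALLED, ADVISORIES, ALIASES):
        print(adv_id, entry)
```

Running the audit with an empty alias map drops the python-requests finding, which is the naming mismatch in practice; a match still only says the version is older than the fix, not that the build is actually vulnerable.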

