[Slackbuilds-users] package auditing tool at slackbuilds.org

Donald Cooley chytraeu at sdf.org
Mon Sep 4 14:25:06 UTC 2017


On September 4, 2017 8:25:21 AM CDT, David Spencer <baildon.research at googlemail.com> wrote:
>On 4 September 2017 at 00:09, Donald Cooley <chytraeu at sdf.org> wrote:
>> Hello,
>> is there a tool that lists installed packages that are vulnerable
>> against a database of some kind? I thought there was one I had used
>> before, but I am unable to recall the name of it. I'm thinking of
>> something similar to pkg audit of FreeBSD.
>
>Hi Donald
>
>There's cve-check-tool
>https://slackbuilds.org/repository/14.2/system/cve-check-tool/
>
>of course there are multiple issues to think about -- variations in
>package naming and version parsing, whether one database is
>sufficient, whether the vulnerabilities are realistic, whether our
>builds are actually vulnerable...
>
>The database for cve-check-tool is 550 Mb, but the FreeBSD database is
>5Mb and the NetBSD database is less than 1.3 Mb.  Hmmm.
>
>Cheers
>-D.
>_______________________________________________
>SlackBuilds-users mailing list
>SlackBuilds-users at slackbuilds.org
>https://lists.slackbuilds.org/mailman/listinfo/slackbuilds-users
>Archives - https://lists.slackbuilds.org/pipermail/slackbuilds-users/
>FAQ - https://slackbuilds.org/faq/

Thanks David. That's what I was thinking of
-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


More information about the SlackBuilds-users mailing list