[Slackbuilds-users] package auditing tool at slackbuilds.org
David Spencer
baildon.research at googlemail.com
Mon Sep 4 13:25:21 UTC 2017
On 4 September 2017 at 00:09, Donald Cooley <chytraeu at sdf.org> wrote:
> Hello,
> is there a tool that lists installed packages that are vulnerable
> against a database of some kind? I thought there was one I had used
> before, but I am unable to recall the name of it. I'm thinking of
> something similar to pkg audit of FreeBSD.
Hi Donald
There's cve-check-tool
https://slackbuilds.org/repository/14.2/system/cve-check-tool/
of course there are multiple issues to think about -- variations in
package naming and version parsing, whether one database is
sufficient, whether the vulnerabilities are realistic, whether our
builds are actually vulnerable...
The database for cve-check-tool is 550 Mb, but the FreeBSD database is
5Mb and the NetBSD database is less than 1.3 Mb. Hmmm.
Cheers
-D.
More information about the SlackBuilds-users
mailing list