Is there any way to map Ubuntu package name to CPE/USN/CVE?
I have list of packages from multiple Linux systems. From Ubuntu boxes I get them by using dpkg. Because I have it in form of large string (one per device) I'm using regex to get precise package versions and find out if this package has some security vulnerabilities (I'm using cve-search project). It works fine for standard packages (e.g. libxml2:2.9.1) but for Ubuntu specific packages (e.g. openssl:
For Red Hat there is map which I can use, but so far I was unable to find any solution for Ubuntu packages. I tried Ubuntu CVE Tracker - it maps cve to package but I'd like to do opposite (and yes, I tried searching by package name, but I cannot get anything more specific than e.g. http://
Even mapping between package and Ubuntu Security Notices would be useful for me (as cve-search maps cve to usn)!
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Krystian Piwowarczyk for more information if necessary.