[yocto-security] [yocto] CVE list vs bugzilla
Sona Sarmadi
sona.sarmadi at enea.com
Wed May 20 05:38:58 PDT 2015
> Hi Sona,
>
> Have you given any further thought about using the cve-check-tool?
>
> https://github.com/ikeydoherty/cve-check-tool
>
> A bugzilla plugin would need to be added but it may help here to avoid
> duplication.
>
Thanks John,
For a while ago I tried to use cvechecker, I found that tool not very user-friendly. I didn't have time to investigate further I gave up :( but this is on my to-do-list so I will give it a try.
How is cve-check-tool related to the other cvechecker tools?
- cvechecker-x.tar.gz : http://sourceforge.net/projects/cvechecker/files
- git://github.com/sjvermeu/cvechecker.git
- poky-contrib: git clone git://git.yoctoproject.org/poky-contrib
- YoctoSecurityAdvisoryTrackingUtility:
https://github.com/ScottGarman/YoctoSecurityAdvisoryTrackingUtility
There are some other CVE-Compatible Products/tools:
https://cve.mitre.org/compatible/compatible.html
Cheers
//Sona
More information about the yocto-security
mailing list