[oe] OpenEmbedded and known security issues

Holger Hans Peter Freyther holger+oe at freyther.de
Fri Feb 26 20:00:19 UTC 2010


On Saturday 23 January 2010 08:27:49 Holger Hans Peter Freyther wrote:

> 2.) The second mode of the script is to compare installed versions with the
> list of known vulnerabilities...
> 
> 
> Now here comes the idea... Hack OE or bitbake to compare the PN to the PN
> of the database and the PV to the PV of known vulnerabilities.. and then
> mention a problem while parsing and then quit.

Hi,
I will try to hack something tomorrow on my flight to Iceland... So we do have

1.) auditfile.tbz from FreeBSD (of course this will not help us with bugs in
udev and Linux-specific things)
2.) I use the output of bitbake -s
3.) I create a file that claims when a FreeBSD issue was fixed (the PR we did)


I try to merge that all with python and spit out a list of vulnerable software
in our tree...


z.
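
The merge described in the message above, as an added example that is not part of the original post or of OpenEmbedded: it matches `bitbake -s` rows against auditfile entries and drops entries recorded as fixed. Assumptions: auditfile lines have the form `pattern|url|description`, the fixed-issues file is a hypothetical `PN|url|PR` list with PR taken to be the package revision, the version ordering is simplified, and all sample data is constructed.

```python
import operator
import re

# Constructed sample inputs; all three layouts are assumptions (see lead-in).
AUDITFILE = """\
busybox<1.14.0|http://example.invalid/a1|busybox -- constructed issue A
openssl>=0.9.8<0.9.8m|http://example.invalid/a2|openssl -- constructed issue B
zlib<1.2.3|http://example.invalid/a3|zlib -- constructed issue C
"""
BITBAKE_S = """\
Package Name                   Latest Version                 Preferred Version
============                   ==============                 =================
busybox                        1.13.2-r22
openssl                        0:0.9.8j-r11
zlib                           1.2.3-r5
"""
FIXED = "openssl|http://example.invalid/a2|r11\n"  # PN|advisory URL|first fixed PR

OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq}

def vkey(v):
    """Simplified version ordering: numeric runs compare as ints, letters as text."""
    return [(1, int(t), "") if t.isdigit() else (0, 0, t)
            for t in re.findall(r"\d+|[A-Za-z]+", v)]

def installed(text):  # PN -> (PV, PR); header rows never match the pattern
    pat = re.compile(r"(\S+)\s+(?:.*\s)?(?:\d+:)?(\S+)-(r\d+)\s*$")
    return {m[1]: (m[2], m[3]) for m in map(pat.match, text.splitlines()) if m}

def audit(auditfile, bitbake_s, fixed=""):  # -> [(PN, PV, PR, url, description)]
    done = {(f[0], f[1]): int(f[2][1:])
            for f in (l.split("|") for l in fixed.splitlines() if l.strip())}
    have, hits = installed(bitbake_s), []
    for line in auditfile.splitlines():
        spec, url, desc = (line.split("|", 2) + ["", ""])[:3]
        name = re.match(r"[^<>=#]*", spec).group(0)
        if name not in have:  # also skips blank/comment lines; globs not expanded
            continue
        pv, pr = have[name]
        bounds = re.findall(r"(<=|>=|<|>|=)([^<>=]+)", spec[len(name):])
        vulnerable = all(OPS[op](vkey(pv), vkey(ver)) for op, ver in bounds)
        if vulnerable and int(pr[1:]) < done.get((name, url), float("inf")):
            hits.append((name, pv, pr, url, desc))
    return hits

if __name__ == "__main__":
    for hit in audit(AUDITFILE, BITBAKE_S, FIXED):
        print("%s %s-%s: %s (%s)" % hit)
```

With the sample data only busybox is reported: openssl matches its version range but is recorded as fixed from r11, and zlib 1.2.3 falls outside `<1.2.3`.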



