Releases: HubTou/pysec2vuxml

pysec2vuxml-3.0

21 Apr 17:07
8ae6362
  • Software:
    • Added generation of names for a defined range of port flavours
    • Extracted WWW and COMMENT fields from ports Makefiles in order to check the relevance of vulnerabilities for ports of similar names
    • Added downloading and caching of CVE entries from the new MITRE web service in order to get the publication date of vulnerabilities
    • Added printing of the flavours and versions detected for vulnerable ports, filtering entries with the WWW or COMMENT field
    • Modified PYSEC vulnerabilities display to filter out empty fields and limit the characters printed for details
    • Added code to avoid processing already reported vulnerabilities
    • Added searching for already reported vulnerabilities in references/url when there's no references/cvename
    • Added searching for already reported vulnerabilities for other port names
    • Added replacing < and > characters with &lt; and &gt;
  • Documentation:
    • Modified the way to write topics using py-PACKAGE instead of py39-PACKAGE in the entry skeleton
    • Added common flavours to affected packages' name in the entry skeleton
    • Replaced manual ways to fill the entry skeleton with the almost automated one
    • Documented how to verify and submit new entries
    • Documented how to clear cached files
  • Data:
    • Renamed and updated the new entries file from vuxml_newentries.txt to vuxml_new_entries.xml
    • Added the vuxml_modified_entries.xml file to list modifications to existing entries
    • Added the reported.txt for vulnerabilities reported but not yet committed in FreeBSD
    • Updated the results.txt file

pysec2vuxml-2.0

10 Apr 16:28
d8348a1

Software:

  • Print a table of contents summary for the vulnerabilities found
  • Print a pre-filled VuXML skeleton for each vulnerability found
  • Improve the verification for vulnerabilities already reported to FreeBSD VuXML
  • Process an ignore.txt file listing vulnerability IDs to ignore (because they don't apply to FreeBSD)
  • Fetch maintainer email from ports Makefiles
  • Handle the few packages with non-standard versioning

Documentation:

  • Added a TODO.md file with ideas for future versions
  • Updated the results.txt output example
  • Updated the new VuXML produced from the tool discoveries
  • Improved the instructions for reporting vulnerabilities to the FreeBSD project
  • Improved the instructions to install and update the ports Index and tree

pysec2vuxml-1.0

06 Apr 21:01
ed4853e
  • Initial public release