Calling it "support" is a bit of a stretch. I intentionally didn't change the usage text to mention equery. I didn't bother implementing support for -p.
Most of the hard-coded pkg checks already in LES make use of Debian / Ubuntu package naming convention. As such, they didn't match before this patch. For the most part, they still don't match after this patch.
This is the same issue as the package list parsing for pacman (#30). Not a big deal: we can add package names for debian/pacman/equery to each exploit if we want.
The good news is that glibc does match, and given that this is the most exploited userland package, this is a quick win.
mzet-
commented
5 years ago
Rudimentary parsing for equery package list.
Calling it "support" is a bit of a stretch. I intentionally didn't change the usage text to mention
equery. I didn't bother implementing support for-p.Most of the hard-coded
pkgchecks already in LES make use of Debian / Ubuntu package naming convention. As such, they didn't match before this patch. For the most part, they still don't match after this patch.This is the same issue as the package list parsing for pacman (#30). Not a big deal: we can add package names for debian/pacman/equery to each exploit if we want.
The good news is that
glibcdoes match, and given that this is the most exploited userland package, this is a quick win.