Datasource Request: Debian ELTS Advisories

aboutcode-org / vulnerablecode

A free and open vulnerabilities database and the packages they impact. And the tools to aggregate and correlate these vulnerabilities. Sponsored by NLnet https://nlnet.nl/project/vulnerabilitydatabase/ for https://www.aboutcode.org/ Chat at https://gitter.im/aboutcode-org/vulnerablecode Docs at https://vulnerablecode.readthedocs.org/

https://public.vulnerablecode.io

Apache License 2.0

543 stars 201 forks source link

Datasource Request: Debian ELTS Advisories #1585

Open captn3m0 opened 2 months ago

captn3m0 commented 2 months ago

Source: https://www.freexian.com/lts/extended/updates/

Republished in OSV format at https://github.com/captn3m0/debian-elts-advisories/

I'm happy to add a index JSON as well, if needed - but it would probably be easier to ingest via the git repo.

Sample advisory URL: https://captnemo.in/debian-elts-advisories/advisories/ELA-1178-1.json

keshav-space commented 2 months ago

@captn3m0, the patch provided by Freexian is not free, right? Also they don't seem to have any license for their advisory here https://salsa.debian.org/freexian-team/extended-lts/security-tracker. Maybe we should mail them to confirm the license for their advisories.

captn3m0 commented 2 months ago

I think the repos are available to use: https://www.freexian.com/lts/extended/docs/how-to-use-extended-lts/, but the supported package list is determined by the sponsors.

I'm not sure if the patches are published.

keshav-space commented 2 months ago

@captn3m0 Thanks for the clarification. In that case, we just need to confirm the license of the advisory data.