Open pombredanne opened 5 years ago
Essentially we want to scrape/mine/consume the pages at https://alas.aws.amazon.com/ and https://alas.aws.amazon.com/alas2.html.
Taking it up @sbs2001 @pombredanne!
I checked https://alas.aws.amazon.com/ but I found that the table does not contain fixed and affected versions. I even checked the advisory URL (e.g. https://alas.aws.amazon.com/ALAS-2011-1.html) but did not find the same. @sbs2001 @pombredanne can you help me?
@tushar912 the new packages mentioned at the advisory page are the fixed packages. It seems there is no easy way to obtain exact affected packages so you can skip finding them.
@sbs2001 I am still confused. Currently what I conclude is that to create a PackageURL object we need a version. But currently what I find is that the table doesn't provide anything related to the version of the package which is affected. Please help.
@tushar912 in https://alas.aws.amazon.com/ALAS-2011-1.html I can see this:
From that I can therefore infer:
Does this make sense?
Ok. I understood that New Packages are the ones that are fixed and whatever came before was affected.
Ok, sorry if it felt like a rehash... That said, we may not have a version that is affected, but rather a version range. @sbs2001 what do you think? That looks like a good use case for the ranges/spec?
Amazon might provide direct access to structured Advisory data at some point: https://github.com/amazonlinux/amazon-linux-2023/issues/158#issuecomment-1602766478
@ambuj-1211 @keshav-space is this completed?
See https://alas.aws.amazon.com/ There are two variants: AL and AL2
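
Added example, not part of the thread or the project's code: one way to turn an advisory's "New Packages" listing into fixed-package PackageURLs plus an "everything older is affected" range, as the discussion above concludes. The listing text, the `name-version-release.arch` entry format, the `amzn` purl namespace, and the function names are assumptions made for this sketch; the range string uses the `vers` notation.

```python
from urllib.parse import quote

PURL_NAMESPACE = "amzn"  # assumption: namespace chosen for this example

# Constructed sample of a "New Packages" listing (not copied from an advisory).
SAMPLE_NEW_PACKAGES = """\
i686:
    examplepkg-1.4.2-3.7.amzn1.i686
    examplepkg-devel-1.4.2-3.7.amzn1.i686
x86_64:
    examplepkg-1.4.2-3.7.amzn1.x86_64
src:
    examplepkg-1.4.2-3.7.amzn1.src
"""


def parse_nevra(entry):
    """Split 'name-version-release.arch' (optional '.rpm' suffix) into fields."""
    stem = entry[:-4] if entry.endswith(".rpm") else entry
    nvr, dot, arch = stem.rpartition(".")
    # Package names may contain '-', so split version and release from the right.
    parts = nvr.rsplit("-", 2)
    if not dot or len(parts) != 3 or not all(parts):
        raise ValueError(f"cannot parse package entry: {entry!r}")
    name, version, release = parts
    return name, f"{version}-{release}", arch


def fixed_packages(listing):
    """Return {fixed_purl: affected_range} for each entry in the listing."""
    result = {}
    for line in listing.splitlines():
        line = line.strip()
        if not line or line.endswith(":"):  # blank line or architecture header
            continue
        name, evr, arch = parse_nevra(line)
        purl = f"pkg:rpm/{PURL_NAMESPACE}/{quote(name)}@{quote(evr)}?arch={arch}"
        # The advisory gives no affected versions, so anything older than the
        # fixed build is treated as affected and recorded as a range.
        result[purl] = f"vers:rpm/<{evr}"
    return result


if __name__ == "__main__":
    for purl, affected in fixed_packages(SAMPLE_NEW_PACKAGES).items():
        print(purl, affected)
```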