Disable another discontinued data source from Red Hat

Red Hat does not provide anymore CVE metadata from Bugzilla in xml form
for further parsing. Disable it now.

A future update might fetch data from te alterantive new sources.

Link: https://www.redhat.com/en/blog/future-red-hat-security-data
Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>

1 files changed, 6 insertions, 3 deletions

diff --git a/check-external/update.sh b/check-external/update.sh
index 4025728e2c..10402da1dd 100755
--- a/check-external/update.sh
+++ b/check-external/update.sh
@@ -46,9 +46,12 @@ check_list() {
 # but it is sufficient for now to get some additional CVE information
 # from Red Hat source
 wget -O redhat-bugzilla.html 'https://bugzilla.redhat.com/buglist.cgi?classification=Other&component=vulnerability&f1=alias&o1=regexp&product=Security%20Response&query_format=advanced&v1=^CVE-.*&order=priority%2Cbug_severity&limit=0'
-# Some extra data is readily available as an xml file
-wget -N https://www.redhat.com/security/data/metrics/cve-metadata-from-bugzilla.xml
-cat redhat-bugzilla.html cve-metadata-from-bugzilla.xml |
+# Some extra data is readily available as an xml file (until 2023-11-08)
+# discontinued as per https://www.redhat.com/en/blog/future-red-hat-security-data
+# last archived version: https://access.redhat.com/security/data/archive/cve-metadata-from-bugzilla_20231108.xml
+#wget -N https://www.redhat.com/security/data/metrics/cve-metadata-from-bugzilla.xml
+#cat redhat-bugzilla.html cve-metadata-from-bugzilla.xml |
+cat redhat-bugzilla.html |
 perl -ne 'print "$1\n" while (s/(CVE-[12][0-9]{3}-[0-9]{4,})//);' | sort -u > cve.list
 check_list cve.list