Add another bugzilla-based source

git-svn-id: svn+ssh://svn.debian.org/svn/secure-testing@44581 e39458fd-73e7-0310-bf30-c45bca0a0e42
author: Raphael Geissert <atomo64@gmail.com> 2016-09-14 10:00:00 +0000
committer: Raphael Geissert <atomo64@gmail.com> 2016-09-14 10:00:00 +0000
commit: fd1b853054b493bb67a9e1272442118ae5da5a28 (patch)
tree: 3d4e58c5efdf441ff7c9a00d93d0dc7e0ef52c30 /check-external
parent: 5fff97599c6ac8b0f7c43ffe998c2e9c335920da (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/check-external/update.sh b/check-external/update.sh
index 6953618f91..ba1f2041c7 100755
--- a/check-external/update.sh
+++ b/check-external/update.sh
@@ -46,7 +46,10 @@ check_list() {
 # but it is sufficient for now to get some additional CVE information
 # from Red Hat source
 wget -O redhat-bugzilla.html 'https://bugzilla.redhat.com/buglist.cgi?classification=Other&component=vulnerability&f1=alias&o1=regexp&product=Security%20Response&query_format=advanced&v1=^CVE-.*&order=priority%2Cbug_severity&limit=0'
-perl -ne 'print "$1\n" while (s/(CVE-[12][0-9]{3}-[0-9]{4,})//);' < redhat-bugzilla.html | sort -u > cve.list
+# Some extra data is readily available as an xml file
+wget -N https://www.redhat.com/security/data/metrics/cve-metadata-from-bugzilla.xml
+cat redhat-bugzilla.html cve-metadata-from-bugzilla.xml |
+perl -ne 'print "$1\n" while (s/(CVE-[12][0-9]{3}-[0-9]{4,})//);' | sort -u > cve.list
 check_list cve.list
 
 # List of issues fixed by each vendor, according to MITRE. Very
author	Raphael Geissert <atomo64@gmail.com>	2016-09-14 10:00:00 +0000
committer	Raphael Geissert <atomo64@gmail.com>	2016-09-14 10:00:00 +0000
commit	fd1b853054b493bb67a9e1272442118ae5da5a28 (patch)
tree	3d4e58c5efdf441ff7c9a00d93d0dc7e0ef52c30 /check-external
parent	5fff97599c6ac8b0f7c43ffe998c2e9c335920da (diff)