diff options
| author | Emilio Pozuelo Monfort <pochu@debian.org> | 2018-06-08 09:46:29 +0200 |
|---|---|---|
| committer | Emilio Pozuelo Monfort <pochu@debian.org> | 2018-06-08 10:04:21 +0200 |
| commit | a0c205800723e54d383c1cb54969e4da3922edfb (patch) | |
| tree | 08a6658cfa2d19ad43ae5f24024d988672dedd5b /doc | |
| parent | b59cbe46e12d468b4a41cf599ca12a2dcd024b92 (diff) | |
Document CVE extends support
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/security-team.d.o/security_tracker | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/doc/security-team.d.o/security_tracker b/doc/security-team.d.o/security_tracker index eeea313ca8..cb91082bf7 100644 --- a/doc/security-team.d.o/security_tracker +++ b/doc/security-team.d.o/security_tracker @@ -612,3 +612,23 @@ The following commands build the databases for stable and run a python local ser make serve The website is now available as `http://127.0.0.1:10605/tracker/`. + +Setting up an extended instance +------------------------------- + +The security tracker supports extra sources of data, which can be used +to override or extend the information in CVE/list, and to support your +own announce lists. To do that, add a CVEExtendFile source to +`data/config.json`. Entries in that file can add information to an +existing CVE, e.g. to mark it as fixed or ignored, or to mark it as +affecting additional source packages. For example: + +CVE-2018-11646 + - webkitgtk <unfixed> +CVE-2016-1000340 + [wheezy] - bouncycastle <not-affected> (Vulnerable code introduced later) + +You can also add an announce list of type DSAFile to `data/config.json`, +and then symlink `bin/gen-DSA` to e.g. `bin/gen-MySA` and use that to +create new advisories under your namespace. For that you will need to +add a `data/mysa-needed.txt` file and `doc/MYSA.template`. |