1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
# TODO: write a tool that reads this file
# TODO: and updates CVE info based on it
[redhat]
year = 1999 ... 2016
download = https://www.redhat.com/security/data/cve/cve-{year}.html
url = https://access.redhat.com/security/cve/{id}
match = CVE-[0-9]{4,}-[0-9]+
select = match
[mitre]
vendor = SUSE DEBIAN GENTOO FEDORA REDHAT UBUNTU
download = https://cve.mitre.org/data/refs/refmap/source-{vendor}.html
url = https://cve.mitre.org/cgi-bin/cvename.cgi?name={id}
match = CVE-[0-9]{4,}-[0-9]+
select = match
[gnutls]
download = http://www.gnutls.org/security.html
url = http://www.gnutls.org/security.html#{id}
match = GNUTLS-SA-[0-9]{4,}-[0-9]+
select = match
[drupal-core]
type = id
page = 0 ... 6
download = https://www.drupal.org/security?page={page}
url = https://www.drupal.org/{id}
match = SA-CORE-[0-9]{4,}-[0-9]+
match-to-id = s/^/DRUPAL-/
id-to-slug = s/^DRUPAL-//
select = match
[drupal-contrib]
page = 0 ... 96
download = https://www.drupal.org/security/contrib?page={page}
match = SA-CONTRIB-[0-9]{4,}-[0-9]+
match-to-id = s/^/DRUPAL-/
select = href
[drupal-psa]
page = 0 ... 1
download = https://www.drupal.org/security/psa?page={page}
url = https://www.drupal.org/{slug}
match = PSA-[0-9]{4,}-[0-9]+
match-to-id = s/^/DRUPAL-/
id-to-slug = s/^DRUPAL-//
select = match
[nodesecurity]
download = https://nodesecurity.io/advisories
match = /advisories/[a-z_]+
match-attr = href
url = https://nodesecurity.io{match}
[redmine]
type = diff
download = https://www.redmine.org/projects/redmine/wiki/Security_Advisories
[jvn]
type = id
download = https://jvn.jp/en/jp/all.html
url = https://jvn.jp/en/jp/{id}/
match = JVN#[0-9A-F]{8,}
id-to-slug = s/#//
[lwn]
type =
download =
text-match = [Ss]ecurity.(updates|advisories)
[owncloud]
download = https://owncloud.org/security/advisories/
url = https://owncloud.org/security/advisory?id={slug}
match = oC-SA-[0-9]{4,}-[0-9]+
id-to-slug = s/.*/\L&/
[cacti]
download = http://bugs.cacti.net/csv_export.php
url = http://bugs.cacti.net/view.php?id={slug}
select-to-slug = s/^000//
format = csv
match-field = Category
match = Security
select = Id
[wireshark]
download = https://www.wireshark.org/security/
url = https://www.wireshark.org/security/{id}.html
match = wnpa-sec-[0-9]{4,}-[0-9]{2,}
[exim]
download = https://bugs.exim.org/buglist.cgi?bug_severity=security&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&product=Exim&ctype=csv
url = https://bugs.exim.org/show_bug.cgi?id={id}
format = csv
select = bug_id
[pcre]
download = https://bugs.exim.org/buglist.cgi?bug_severity=security&bug_status=UNCONFIRMED&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&bug_status=VERIFIED&product=PCRE&ctype=csv
url = https://bugs.exim.org/show_bug.cgi?id={id}
format = csv
select = bug_id
[xen]
download = http://xenbits.xen.org/xsa/
url = http://xenbits.xen.org/xsa/advisory-{slug}.html
id-to-slug = s/^XSA-//
match = XSA-[0-9]{3,}
[mercurial]
download = https://www.mercurial-scm.org/wiki/WhatsNew?action=raw
match = CVE-[0-9]{4,}-[0-9]+
select = match
[webkitgtk]
download = http://webkitgtk.org/security.html
url = http://webkitgtk.org/security/{id}.html
match = WSA-[0-9]{4,}-[0-9]{4,}
select = match
[samba]
download = https://www.samba.org/samba/history/security.html
match = CVE-[0-9]{4,}-[0-9]+
select = match
url = https://www.samba.org/samba/security/{id}.html
|
