
[feature request] audit subcommand

Open eoli3n opened this issue 2 years ago • 1 comments

It would be great to be able to easily list packages concerned by CVEs.

Archlinux has arch-audit: https://gitlab.com/ilpianista/arch-audit

FreeBSD has pkg audit: https://docs.freebsd.org/en/books/handbook/ports/ (see 4.4.6. Auditing Installed Packages)

eoli3n avatar Jan 26 '22 18:01 eoli3n

Discussion on #voidlinux gave some tracks.

Repology tracks CVEs: https://repology.org/security/recent-cves

A mailing list: https://www.openwall.com/lists/oss-security/

Void would need a security team to track CVEs and patches.

One-liner from zdykstra:

$ curl -s "https://repology.org/api/v1/projects/?inrepo=void_x86_64&vulnerable=1" | jq 'flatten | map(select(.repo=="void_x86_64"))'

eoli3n avatar Jan 26 '22 18:01 eoli3n
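As an added example (not part of the issue thread and not xbps code), the one-liner's output can be narrowed to what is actually installed by intersecting it with `xbps-query -l`. The sample data below is constructed, and the use of Repology's `binname`/`srcname`/`visiblename` fields to match xbps package names is an assumption.

```python
import json

# Constructed sample: shape of the one-liner's output (Repology package
# objects already filtered to repo == "void_x86_64"). Values are made up.
REPOLOGY_JSON = """[
  {"repo": "void_x86_64", "srcname": "curl", "binname": "curl", "version": "7.81.0"},
  {"repo": "void_x86_64", "srcname": "openssl", "binname": "libssl1.1", "version": "1.1.1l"},
  {"repo": "void_x86_64", "srcname": "zlib", "version": "1.2.11"}
]"""

# Constructed sample of `xbps-query -l` output: state, pkgver, description.
XBPS_LIST = """\
ii curl-7.81.0_1        Client that groks URLs
ii libssl1.1-1.1.1n_1   Toolkit for Secure Sockets Layer
ii xz-5.2.5_2           XZ compression utilities
"""

def parse_installed(text):
    """Map package name -> version (revision stripped) from `xbps-query -l`."""
    installed = {}
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 2:
            continue
        # pkgver is name-version_revision; the name itself may contain '-'
        name, sep, verrev = fields[1].rpartition("-")
        if not sep:
            continue
        installed[name] = verrev.rsplit("_", 1)[0]
    return installed

def audit(repology_json, xbps_list):
    """Return (name, installed, listed_by_repology, same_version) tuples."""
    installed = parse_installed(xbps_list)
    findings = []
    for pkg in json.loads(repology_json):
        # Assumption: one of these Repology fields equals the xbps name.
        name = pkg.get("binname") or pkg.get("srcname") or pkg.get("visiblename")
        if name not in installed:
            continue
        same = installed[name] == pkg.get("version")
        findings.append((name, installed[name], pkg.get("version"), same))
    return sorted(findings)

if __name__ == "__main__":
    for name, local, listed, same in audit(REPOLOGY_JSON, XBPS_LIST):
        note = "same version installed" if same else "versions differ, check manually"
        print(f"{name}: installed {local}, Repology lists {listed} ({note})")
```

Repology's API returns at most 200 projects per request, so a complete audit would page through `/api/v1/projects/<last-name>/` instead of relying on the single request in the one-liner.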