xbps
[feature request] audit subcommand
It would be great to be able to easily list packages concerned by CVEs.
Archlinux has arch-audit: https://gitlab.com/ilpianista/arch-audit
FreeBSD has pkg audit: https://docs.freebsd.org/en/books/handbook/ports/ (see 4.4.6. Auditing Installed Packages)
Discussion on #voidlinux gave some tracks. Repology tracks CVEs: https://repology.org/security/recent-cves
A mailing list: https://www.openwall.com/lists/oss-security/
Void would need a security team to track CVEs and patches.
One-liner from zdykstra:

```sh
$ curl -s "https://repology.org/api/v1/projects/?inrepo=void_x86_64&vulnerable=1" | jq 'flatten | map(select(.repo=="void_x86_64"))'
```
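As an added example (not part of the issue, and not xbps or Repology code), the sketch below follows the same idea as the one-liner above but goes one step further toward an "audit" subcommand: it keeps only the `void_x86_64` entries that Repology flags as vulnerable and intersects them with the packages actually installed, as listed by `xbps-query -l`. Both inputs are constructed inline so the script runs offline; the Repology field names used (`repo`, `visiblename`, `version`, `vulnerable`) are assumed to match the real API response, and `libfoo` is a made-up package.

```python
import json

# Constructed stand-in for the JSON that
# https://repology.org/api/v1/projects/?inrepo=void_x86_64&vulnerable=1
# returns: project name -> list of per-repo entries. Field names are an
# assumption about the real API; the data itself is made up.
SAMPLE_REPOLOGY_JSON = json.dumps({
    "openssl": [
        {"repo": "void_x86_64", "visiblename": "openssl",
         "version": "1.1.1u", "vulnerable": True},
        {"repo": "freebsd", "visiblename": "security/openssl",
         "version": "3.0.9", "vulnerable": False},
    ],
    "libfoo": [  # hypothetical package
        {"repo": "void_x86_64", "visiblename": "libfoo",
         "version": "0.9", "vulnerable": True},
    ],
    "bar": [  # vulnerable somewhere else, not in the Void repo
        {"repo": "arch", "visiblename": "bar",
         "version": "2.0", "vulnerable": True},
    ],
})

# Constructed stand-in for `xbps-query -l` output:
# "<state> <pkgname>-<version>_<revision> <description>"
SAMPLE_XBPS_QUERY_L = """\
ii bash-5.2.15_1 The GNU Bourne Again Shell
ii openssl-1.1.1u_1 Toolkit for SSL and TLS
ii libfoo-0.9_2 Hypothetical library (constructed)
"""


def vulnerable_in_repo(api_json, repo="void_x86_64"):
    """Return {visiblename: version} for entries flagged vulnerable in `repo`.

    Equivalent to the jq filter in the one-liner, plus the `vulnerable` check
    so that non-flagged entries of the same project are dropped.
    """
    projects = json.loads(api_json)
    flagged = {}
    for entries in projects.values():
        for entry in entries:
            if entry.get("repo") == repo and entry.get("vulnerable"):
                flagged[entry["visiblename"]] = entry.get("version", "")
    return flagged


def installed_packages(xbps_query_output):
    """Parse `xbps-query -l` lines into {pkgname: version_revision}.

    xbps versions never contain '-', so splitting on the last '-' of the
    pkgver field recovers the package name even when the name has dashes.
    """
    pkgs = {}
    for line in xbps_query_output.splitlines():
        parts = line.split(maxsplit=2)
        # first column is the package state; only installed ("i?") states count
        if len(parts) < 2 or not parts[0].startswith("i"):
            continue
        name, _, version = parts[1].rpartition("-")
        if name:
            pkgs[name] = version
    return pkgs


def audit(api_json, xbps_query_output, repo="void_x86_64"):
    """Return sorted (pkgname, installed_version, repology_version) triples
    for installed packages that Repology flags as vulnerable in `repo`."""
    flagged = vulnerable_in_repo(api_json, repo)
    installed = installed_packages(xbps_query_output)
    return sorted((name, installed[name], flagged[name])
                  for name in flagged if name in installed)


if __name__ == "__main__":
    for name, inst_ver, repo_ver in audit(SAMPLE_REPOLOGY_JSON, SAMPLE_XBPS_QUERY_L):
        print(f"{name}: installed {inst_ver}, flagged vulnerable by Repology at {repo_ver}")
```

To run it against live data, replace the two constants with the output of the `curl` call and of `xbps-query -l`. Note that Repology's `vulnerable` flag comes from matching upstream versions against vulnerability data, so it does not know whether Void's package carries a backported fix; a package appearing in this list is a lead to check, not a confirmed finding, which is part of why the issue points at the need for a security team tracking patches.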