Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <200808041858.10680.thijs@debian.org>
Date: Mon, 4 Aug 2008 18:58:08 +0200
From: Thijs Kinkhorst <thijs@...ian.org>
To: oss-security@...ts.openwall.com
Cc: "Steven M. Christey" <coley@...us.mitre.org>
Subject: source for CVE feed (was: Re: CVE request: httrack buffer overflow)

Hi Steve,

On Monday 4 August 2008 18:37, Steven M. Christey wrote:
> It's in NVD but not yet on the public CVE site, due to various process
> oddities.  98% of the time, NVD will have the CVEs before the CVE web site
> does.

Good to know. Here at Debian we currently import all CVEs into our own system, 
and we use http://cve.mitre.org/data/downloads/allitems.html.gz as the source 
for that.

Considering your statement we would better be using one of the XML Data feeds 
from http://nvd.nist.gov/download.cfm , right? Or would you recommend another 
feed (e.g. the one where NVD gets its data from)?


thanks,
Thijs

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.