mirror of
https://github.com/captn3m0/debian-elts-advisories.git
synced 2024-09-21 12:58:15 +00:00
35 lines
1.5 KiB
Markdown
35 lines
1.5 KiB
Markdown
# Debian ELTS Advisories
|
|
|
|
## Background
|
|
|
|
- Debian LTS is maintained by the Debian Security team
|
|
- Debian Extended LTS, a commercial offering is maintained by Freexian.
|
|
- Debian ELTS Advisories are announced at https://www.freexian.com/lts/extended/updates/
|
|
- [OSV](https://ossf.github.io/osv-schema/) is a Open Source Vulnerability format, as specified by the [Open Source Security Foundation](https://openssf.org).
|
|
- [GSD Database](https://globalsecuritydatabase.org/) is a vulnerability database used by OSV.dev, and maintained by the [Cloud Security Alliance](https://cloudsecurityalliance.org/)
|
|
|
|
## What is this project?
|
|
|
|
The OSV.dev expects advisories to be published in the OSV format. This repository
|
|
republishes the advisories in the OSV format, and syncs them against the
|
|
[GSD Database](https://github.com/cloudsecurityalliance/gsd-database)
|
|
|
|
- [x] Picks up data from [extended-lts-security-tracker][source]
|
|
- [x] Generates advisories in the OSV format at advisories/
|
|
- [ ] Syncs Data to the GSD Database
|
|
|
|
## TODO
|
|
|
|
- [ ] Add Credits
|
|
|
|
## Source:
|
|
|
|
- Updates are fetched from the ELTS Security Tracker:
|
|
- The data is also published at https://deb.freexian.com/extended-lts/tracker/data/json, but it doesn't include the announcement URLs, and harder to use.
|
|
- See https://github.com/ossf/osv-schema/pull/104 for more information.
|
|
|
|
## License
|
|
|
|
The code is licensed under MIT.
|
|
|
|
[source]: https://salsa.debian.org/freexian-team/extended-lts/security-tracker/-/blob/master/data/ELA/list |