Is there something like the '-security' lists of other distros?
- 2 years 1 month ago
I just read about Alpine Linux in this week's Distrowatch Weekly. This looks very interesting, and I'd like to look into it during my (limited) spare time. One question I have is whether the Apline package maintainers track and report which CVEs are fixed in which releases. In particular, if a security patch is applied to a release, then I presume the package version number would be bumped; in that case, would there be something that says "fixed CVE-xxxx-yyy"? Is there something that would collect those?
I saw the cvewatcher package described on this forum, and it looks promising. But, there is the caveat that it only looks at the package version and will have false positives if the CVE has been patched.