top | item 40940982

(no title)

They do tell you that you are missing now. On ubuntu 24.04, apt now reports/nags me about security updates behind esm-apps.

They also publish an oval xml for use with openscap tools to get a list of unpatched CVEs. The issue is not enough people know about those tools. https://security-metadata.canonical.com/oval/

discuss

frankjr|1 year ago

Aha, thanks. I'm trying to look up the CVE on https://ubuntu.com/security/notices and the site's search responds with "504 Gateway Time-out" or "500: Server error". Come on Ubuntu.

captn3m0|1 year ago

They finally agreed to publish OSV data in addition to OVAL. OVAL XML files are terrible to use, and OSV is amazing in comparison, so this will get more tool adoption.