fetch-vlist -- fetch and install vulnerbility lists
The fetch-vlist tool downloads and installs the vulnerability lists used by yvc(1) . Each list is expected to be PGP signed; fetch-vlist will verify the signature after donwloading the file.
Originally, the lists are fetched into a temporary location. If a fetched file is different from the currently used version, then it is installed.
The following options are supported by fetch-vlist:
The following lists may be downloaded and installed by fetch-vlist:
nbvlist A list of vulnerabilities provided by the NetBSD Project. See http://www.netbsd.org/support/security/#check-pkgsrc for details. Retrieved from http://ftp.netbsd.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities.
rh4vlist A list of vulnerabilities known in RHEL4, derived from http://www.redhat.com/security/data/oval/com.redhat.rhsaall.xml.bz2 and fetched from http://<hostname>/yvc/rh4vlist.
rh5vlist A list of vulnerabilities known in RHEL5, derived from http://www.redhat.com/security/data/oval/com.redhat.rhsaall.xml.bz2 and fetched from http://<hostname>/yvc/rh5vlist.
The fetch-vlist utility exits 0 on success, and >0 if an error occurs.
fetch-vlist was conceptually based on NetBSD’s “download-vulnerabilitylist" command. It was originally written by Jan Schaumann <firstname.lastname@example.org> in July 2008.
Please report bugs and feature requests to the author.
Table of Contents