Received: from mail-wm1-f45.google.com (mail-wm1-f45.google.com [209.85.128.45])
	by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 483DE782F51
	for <~alpine/users@lists.alpinelinux.org>; Mon, 24 Feb 2020 19:37:55 +0000 (UTC)
Received: by mail-wm1-f45.google.com with SMTP id s10so521272wmh.3
        for <~alpine/users@lists.alpinelinux.org>; Mon, 24 Feb 2020 11:37:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=orca.security; s=google;
        h=from:content-transfer-encoding:mime-version:subject:message-id:date
         :to;
        bh=nE73HsK/4beBI3lTCOuKPULyZVIJL0dMfiX5AYh3G6A=;
        b=YieZfR8FbhZm6YTCpO7s2fioN4Em2jZPQtLaeUQ3AD/ZNWcrZ2hNS5avzNJSxWbzND
         OoNF2YZTNSDV5Uhm0gfnlRBUiumMOly5fVJ99eU/2cho6+eWEtxHEXmlCR0A8hJcFdKg
         Y28xmjGivddTlrChaFbOUdLhylCbj0U0MqxAQelrg1vI6Qhv6LFt3QdEVrL98qEPMnU3
         Q9mTxDgLjDgQpiVEVy+Kl/FHstCFYfnB9W+9uR+wr18cF4XO26fAno+Z7vIEuf6t715D
         00oip7fZMGjQVlW4Ly+mX9vYg5Fz/n6GQcdC34TMYu74cbqPIpVdtDtACINMOPg/6zXY
         5lmQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:content-transfer-encoding:mime-version
         :subject:message-id:date:to;
        bh=nE73HsK/4beBI3lTCOuKPULyZVIJL0dMfiX5AYh3G6A=;
        b=hhQM1TBwHLE8IHuidmqvVgbSJKTO5I20xkax2Fj+0KoFb8KgTxGjraE2mQ8XYcViWm
         wE3iyIpnLxfrpjtERuWfiiT1ciwxpDpdgAt29DchrOFBG6XXvPI6jRoidg0+bGlt6UK5
         uBIDRuO9KQI0bVe+gmI+v8du/5tfWdCI2i+zl01EX9lTEF52lmYxkWx5TRL6920v6IZO
         rfUWeeMcZNF3JDfGQ4jchUtgneZnREdc2C91U/ahxFiKm21Kkr9jL8tdatjt62eYs7xw
         SKkMnC0z++kUQ8UXDMwg+fCxSNMMBYc8xfEgSuTTOZ+Gs/asU38eAeXptwOROsOxlKdA
         4ryw==
X-Gm-Message-State: APjAAAVwCwDD6Jcmv92nxphTkWiPi9kISWB98pmd+SiG4vhNVKwD9E3C
	sc95KO7fdl1HwDxakumgPzBKy4lwPO4DGQ==
X-Google-Smtp-Source: APXvYqzST8n5SFMVsDYkHw00iUH1ze0AyTrlKa9JRx+fSWzNzeDzMeIlefyiuXZMW51v8HpbRD7nGw==
X-Received: by 2002:a7b:c249:: with SMTP id b9mr538693wmj.61.1582573073477;
        Mon, 24 Feb 2020 11:37:53 -0800 (PST)
Received: from [192.168.31.159] (bzq-109-65-213-159.red.bezeqint.net. [109.65.213.159])
        by smtp.gmail.com with ESMTPSA id l4sm2616205wrv.22.2020.02.24.11.37.52
        for <~alpine/users@lists.alpinelinux.org>
        (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
        Mon, 24 Feb 2020 11:37:52 -0800 (PST)
From: Wagde Zabit <wagde@orca.security>
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0 (Mac OS X Mail 13.0 \(3608.60.0.2.5\))
Subject: Cvechecker
Message-Id: <5E0784AF-441E-44E0-A67B-E275E87FBF16@orca.security>
Date: Mon, 24 Feb 2020 21:37:51 +0200
To: ~alpine/users@lists.alpinelinux.org
X-Mailer: Apple Mail (2.3608.60.0.2.5)

Hi

I see there a page in the wiki for a tool called cvechecker =
(https://wiki.alpinelinux.org/wiki/Cvechecker), According to the wiki it =
should give CVEs on installed packages of Alpine... The page was last =
updated on 2013.
I tried the tool and noticed that it is working against the NVD DB, =
which is a good start :-). But it works with the CPEs, and it can lea to =
False Positives and False negatives (For example it won=E2=80=99t list =
nginx vulnerability CVE-2019-9511)
Any advice how can I use this tool to achieve my goal to detect CVEs on =
alpine installation and packages?

Thank=