=== Unit193 is now known as JackFrost
[15:45] ebarretto: Hi, sorry to bother again. I was doing the final checks to start using OVALs instead of cvescan databases, but I noticed that recent CVEs, for example https://ubuntu.com/security/CVE-2021-4034, are missing from https://security-metadata.canonical.com/oval/com.ubuntu.xenial.cve.oval.xml.bz2 .
[15:45] Am I missing something? Do the OVAL files only include a certain set of CVEs? Cause I would have imagined the data to be the same I can get from https://ubuntu.com/security/cves?q=&package=&priority=&version=xenial&status=released&offset=0
[15:45] A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the calling parameters count correctly and ends trying to execute environment variables as commands. An attack...
[15:45] mpiano, let me check
[15:55] mpiano, so xenial CVE OVAL, differently from xenial USN OVAL, doesn't yet include ESM data. This is something that I've been working on lately.
[16:00] ebarretto, oh, that's a bit sad, pretty much full circle to not having an up-to-date data feed for xenial 😅.
[16:00] Is there any ETA for having ESM data included in the CVE-indexed OVAL?
[16:04] mpiano, we do have a deadline to get those changes merged but it is still ~2 months away. What I can do for you in the meantime is to get the JSON for xenial and trusty working in the meantime, while we work on getting the OVAL ready. I will probably ask as well for some feedback from you on the OVAL when it is ready
[16:11] ebarretto: Ok, thank you very much. I'm not very present on IRC, but feel free to reach out to mpiano@yelp.com for any feedback.
[17:36] mpiano, xenial and trusty JSON should be there now
[17:38] ebarretto, they are indeed ❤️ Thank you very much again for this, have a great weekend.
[17:38] you too!
[17:43] ebarretto: you are the hero we don't deserve, thank you so much dude!
[17:44] grimmware, glad to help :)
[17:44] ebarretto: I'm usually idling on IRC in one form or another and I work with mpiano on this stuff too, if there's anything we can do to help you lot out with testing this stuff out then hit us up
[17:46] grimmware, thanks, I will appreciate if you could run some tests when time comes :)
[17:47] yeah man totally!
=== JanC is now known as Guest5415
=== JanC_ is now known as JanC