This directory provides OVAL data for various SUSE Linux products and the openSUSE distributions.


The OVAL data is generated once a day.


We provide 3 forms of data for each product / service pack / distribution:

- Vulnerability based without unfixed security issues (name.xml)

  This data is CVE indexed, and contains the fixed security issues and the analyzed issues NOT affecting SUSE.

  If you system is up-to-date, this should not show evaluate any state to "true".


- vulnerability based with unfixed security issues (name-affected.xml)

  This data is CVE indexed, and contains the fixed security issues and the analyzed issues both affecting and NOT affecting SUSE.

  It is seperate from the regular vulnerability data as it would always show "affected" for the CVEs in progress of being fixed.


- patch based (name-patch.xml)  reflects the virtual patches 

  These reflect both the released patches and the ones currently in QA.

  The ones currently in QA have a summary including (in QA).


We also provide "gzip" compressed versions of each .xml to reduce download size.


Note that only the current products receive OVAL updates.


For any questions or feedback, reach out to security@suse.de.