Hi, Today I added initial PKGBUILD support to cve-check-tool [1], an automated CVE checking tool that works with the NVD Database, matching versions, etc, with a given source repository. Currently patch detection is very flaky, as there doesn't appear to be a consistent naming for CVE patches within Arch Linux. I would appreciate if someone could work with me to improve the patch detection within cve-check-tool, or work towards patch name standardisation within Arch Linux. Below is an initial list of CVEs I cannot determine are actually patched (by manually looking) - so some of them are potentially false positives. Also note that CVE name mapping (CPE fields) support isn't in cve-check-tool yet, this is something I'd also like to see Arch Linux implement to ensure a maximum surface area during checks. Note the following appeared for glibc, I haven't had time to check them: CVE-2014-7817 CVE-2014-8121 [1] https://github.com/ikeydoherty/cve-check-tool - ikey packages/ namespace: exiv2: CVE-2014-9449 libzip: CVE-2015-2331 htdig: CVE-2005-0085 gksu: CVE-2014-2886 cpio: CVE-2015-1197 libtar: CVE-2013-4420 mod_fcgid: CVE-2013-4365 net-snmp: CVE-2014-2285 arora: CVE-2011-3367 rsync: CVE-2014-9512 libarchive: CVE-2013-0211 CVE-2015-2304 vorbis-tools: CVE-2014-9638 CVE-2014-9640 id3lib: CVE-2007-4460 compface: CVE-2009-2286 procmail: CVE-2014-3618 xchat: CVE-2011-5129 vte: CVE-2012-2738 fcgi: CVE-2012-6687 fastjar: CVE-2010-0831 CVE-2010-2322 ppp: CVE-2014-3158 libyaml: CVE-2014-9130 potrace: CVE-2013-7437 unzip: CVE-2014-9636 lynx: CVE-2010-2810 community/ namespace: hsolink: CVE-2010-1671 CVE-201-2929 CVE-2010-2930 arpwatch: CVE-2012-2653 echoping: CVE-2010-5111 vsftpd: CVE-2015-1419 imlib: CVE-2007-3568 uudeview: CVE-2008-2266 clearsilver: CVE-2011-4357 dtach: CVE-2012-3368 devil: CVE-2009-3994 libnids: CVE-2010-0751 tuxguitar: CVE-2010-3385 pstotext: CVE-2006-5869 plib: CVE-2011-4620 CVE-2012-4552 dopewars: CVE-2009-3591 xloadimage: CVE-2001-0775 CVE-2005-3178 xv: CVE-2004-1726 CVE-2004-1726 CVE-2005-0665 trickle: CVE-2009-0415 P.S. Apologies if message comes through twice, issues.