Does anyone have any notes for dealing with the CVE lists? I know the main access page is http://www.cve.mitre.org/cve/, but all you can do is download the whole list or do a text search. (And the whole list in plain text is 15MB.) I see that someone at Purdue offers change lists, but the format is not terribly useful (just the numbers of the changed entries). Are there any tools that can extract useful summaries of this data that we could use? Even number and summary would be helpful. For example, I know there's a recent clamav vulnerability that affects Extras. Now, I can search to find out that it's CVE-2006-1989. I know Enrico pushed 0.88.2 on May 2 so we're not vulnerable. But, how would I have seen the CVE without knowing it existed? Click on every link in the daily changelogs and manually read the description? There has to be a more efficient way. BTW, what would be the format of the line to add to the fe4 and fe5 files for this? CVE-2006-1989 version (clamav, fixed 0.88.2) (no bug number, no announcement obviously) - J<
