Hints for working with CVEs?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Does anyone have any notes for dealing with the CVE lists?  I know the
main access page is http://www.cve.mitre.org/cve/, but all you can do
is download the whole list or do a text search.  (And the whole list
in plain text is 15MB.)  I see that someone at Purdue offers change
lists, but the format is not terribly useful (just the numbers of the
changed entries).

Are there any tools that can extract useful summaries of this data
that we could use?  Even number and summary would be helpful.

For example, I know there's a recent clamav vulnerability that affects
Extras.  Now, I can search to find out that it's CVE-2006-1989.  I
know Enrico pushed 0.88.2 on May 2 so we're not vulnerable.

But, how would I have seen the CVE without knowing it existed?  Click
on every link in the daily changelogs and manually read the
description?  There has to be a more efficient way.

BTW, what would be the format of the line to add to the fe4 and fe5
files for this?

CVE-2006-1989 version (clamav, fixed 0.88.2)

(no bug number, no announcement obviously)

 - J<


[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux