Hints for working with CVEs?

Jason L Tibbitts III tibbs at math.uh.edu
Fri May 5 15:05:36 UTC 2006


Does anyone have any notes for dealing with the CVE lists?  I know the
main access page is http://www.cve.mitre.org/cve/, but all you can do
is download the whole list or do a text search.  (And the whole list
in plain text is 15MB.)  I see that someone at Purdue offers change
lists, but the format is not terribly useful (just the numbers of the
changed entries).

Are there any tools that can extract useful summaries of this data
that we could use?  Even number and summary would be helpful.

For example, I know there's a recent clamav vulnerability that affects
Extras.  Now, I can search to find out that it's CVE-2006-1989.  I
know Enrico pushed 0.88.2 on May 2 so we're not vulnerable.

But, how would I have seen the CVE without knowing it existed?  Click
on every link in the daily changelogs and manually read the
description?  There has to be a more efficient way.

BTW, what would be the format of the line to add to the fe4 and fe5
files for this?

CVE-2006-1989 version (clamav, fixed 0.88.2)

(no bug number, no announcement obviously)

 - J<



