Hints for working with CVEs?

Jason L Tibbitts III tibbs at math.uh.edu
Sat May 6 14:33:50 UTC 2006


>>>>> "VS" == Ville Skytt <Ville> writes:

VS> What kind of things would you like to produce out of that?

A couple of ideas:

Produce a simple summary with one or two lines of text per entry that
could be scanned quickly by a human.

Fuzzy match the "prod name" against our list of packages.  Also use
the "vers" tags and the guts of our existing package-releases script
to see if we're vulnerable.

Unfortunately my knowledge of XML is so limited that I don't understand
how you'd use the schema to generate a parser, but I'll try to figure
that out.

 - J<




More information about the Fedora-security-list mailing list