RHSA vs CVE

Wed Jun 13 21:40:52 UTC 2012

On June 13, 2012 14:50:56 Samuel Folk-Williams wrote:
> Hi - this article should help:
> https://access.redhat.com/knowledge/articles/124913
> 
> Feel free to comment there with addition questions as well.

Thanks for the link I've managed to overlook it somehow.

It mentiones both OVAL and CVRF and spending some time staring at those files 
I can't really find the mapping I'm looking for. I kind of vaguelly see how I 
can "ductape it together" using what I've got plus some OVAL. CVRF seems to go 
only as far as 2012 and I need older entries (unless I'm missing something 
here). 

Trying to save myself time parsing all the extra docs - what is the best way 
to get mapping:

CVE -> RHEL/RPM version ?

RHSA is only a side-effect in my code as it was the only one providing package 
names associated (albeit remotely) with CVE's

-- 
Dmitry Makovey
Web Systems Administrator
Athabasca University
(780) 675-6245
---
Confidence is what you have before you understand the problem
    Woody Allen

When in trouble when in doubt run in circles scream and shout 
     http://www.wordwizard.com/phpbb3/viewtopic.php?f=16&t=19330

-- 
    This communication is intended for the use of the recipient to whom it
    is addressed, and may contain confidential, personal, and or privileged
    information. Please contact us immediately if you are not the intended
    recipient of this communication, and do not copy, distribute, or take
    action relying on it. Any communications received in error, or
    subsequent reply, should be deleted or destroyed.
---