Hints for working with CVEs?
Dennis Gilmore
dennis at ausil.us
Fri May 5 15:28:09 UTC 2006
On Friday 05 May 2006 10:05, Jason L Tibbitts III wrote:
> For example, I know there's a recent clamav vulnerability that affects
> Extras. Now, I can search to find out that it's CVE-2006-1989. I
> know Enrico pushed 0.88.2 on May 2 so we're not vulnerable.
>
> But, how would I have seen the CVE without knowing it existed? Click
> on every link in the daily changelogs and manually read the
> description? There has to be a more efficient way.
>
> BTW, what would be the format of the line to add to the fe4 and fe5
> files for this?
>
> CVE-2006-1989 version (clamav, fixed 0.88.2)
>
> (no bug number, no announcement obviously)
>
> - J<
>
When I saw this on bugtraq I first searched bugzilla, which had no bug
filed. I then checked the repo to see if packages were updated, which
they were not at that time. I then checked the fedora-extras-commits to see
if there was something there, and the updates had been committed. My
question is: should I have filed a bug anyway so that we have a public
record that the issue had been fixed?
--
Regards
Dennis Gilmore, RHCE
Proud Australian
More information about the Fedora-security-list
mailing list