On Tue, Jun 29, 2010 at 5:11 PM, Les Mikesell <lesmikes...@gmail.com> wrote: > What's the correct response to a security scan that points out that > apache versions below 2.2.14 have multiple known vulnerabilities? Is > there an official document about what known vulnerabilities have been > fixed in the RHEL/CentOS updates or do you have to wade through the > changelog to try to find each thing? >
The upstream vendor backports many fixes. The best thing to do is reference the CVE number in the changelogs. It's still wading through a lot of changelogs, but with the CVE you can find it pretty quickly. _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
