On Thu Sep 25, 2003 at 11:13:23PM -0400, Albert Whale wrote: My response will be short simply due to the fact that you posted in html and I can't quote it and can't be bothered to cut-n-paste.
Every Mandrake advisory includes the CVE names for the correlating problem. Trying using the CVE search mechanism on MandrakeSecure. That should be adequate. Nessus tells you CVE-bla-bla, you go to MandrakeSecure and do the CVE search for CVE-bla-bla, and immediately you find what advisories, if any deal with that CVE name. And contrary to your shouting, I have nothing against Nessus... I like it. But I'm not gonna turn around name packages "openssh-3.6.1p2-CVE-2003-xxxx-1.1mdk" just so you can avoid using a very simple search field on the website. (BTW, this was implemented a *long* time ago) -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature