On Thu, 2003-09-25 at 20:29, Vincent Danen wrote: > On Thu Sep 25, 2003 at 11:13:23PM -0400, Albert Whale wrote: > > My response will be short simply due to the fact that you posted in html and > I can't quote it and can't be bothered to cut-n-paste. > > Every Mandrake advisory includes the CVE names for the correlating problem. > Trying using the CVE search mechanism on MandrakeSecure. That should be > adequate. Nessus tells you CVE-bla-bla, you go to MandrakeSecure and do the > CVE search for CVE-bla-bla, and immediately you find what advisories, if any > deal with that CVE name. > > And contrary to your shouting, I have nothing against Nessus... I like it. > But I'm not gonna turn around name packages > "openssh-3.6.1p2-CVE-2003-xxxx-1.1mdk" just so you can avoid using a very > simple search field on the website. > > (BTW, this was implemented a *long* time ago)
Haven't messed with Nessus recently, does it have or can it use a database backend for vulnerability information? I was thinking of how to automatically extract the CVE reference and Mandrake RPM version from your announcements (just the kind of insecure hack to a security system that warms the cockles of the corporate heart). -- Jack Coates Monkeynoodle: A Scientific Venture...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com