On Wed, 2009-05-20 at 19:16 -0400, Tom Sightler wrote: > To be fair, even if you go the the Redhat site, and login to support, is > there any easy way to tell if a particular CVE is addressed in a given > patch? I know you can search the change logs and Redhat Advisories but > it sure seems that it's difficult to go from a CVE to a RHSA, although > it's quite easy to go the other way. It would be nice if there was a > well maintained web page that cross-referenced CVE's to RHSA's so that > it would be easy to answer audit "findings". > > Note I'm not arguing your point that Bugzilla isn't the right place, but > I'm not really sure there's anything in support either, other than > opening a support request, or manually digging through change logs. If > there is something there I'd love to know about it.
And to answer my own stupid question, I search on the redhat.com site for the CVE works quite well. I should have just gone home, it's already late. Actually, go to www.redhat.com, click on Search, and then choose "Red Hat Network Errata" and search for the CVE and you'll find the related RHSA pretty quickly. No login required. Later, Tom _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
