On Thu, 2009-05-21 at 13:26 +0100, [email protected] wrote: > > To be fair, even if you go the the Redhat site, and login to support, is > > there any easy way to tell if a particular CVE is addressed in a given > > patch? I know you can search the change logs and Redhat Advisories but > > it sure seems that it's difficult to go from a CVE to a RHSA, although > > it's quite easy to go the other way. It would be nice if there was a > > well maintained web page that cross-referenced CVE's to RHSA's so that > > it would be easy to answer audit "findings". > > RH's security team publishes useful metrics (including CVE/RHSA mappings) > regarding security issues at http://www.redhat.com/security/data/metrics/ > - I find the Vulnerability Statements are especially useful when you're > trying to work out why Red Hat hasn't issued a RHSA for a given CVE.
That's exactly the page I was looking for, especially the "Days of Risk Report". That page makes it very easy to search for a CVE and find the associated RHSA, including release dates. Why is it so difficult to find that page with a search? Later, Tom _______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
