[Mageia-dev] List of CVE referencing software versions present in Mageia 1
Guillaume Rousse
guillomovitch at gmail.com
Fri Jan 6 13:00:28 CET 2012
Le 05/01/2012 23:37, Pascal Terjan a écrit :
> Here is the output of a little script I just wrote.
>
> Vulnerable version, please check that a patch was applied if needed
I tried to do it for bind, and dhcp, however I'm a bit confused about
the svn tree...
For bind, the updates/1/bind/current path contains a SPEC file
corresponding to a 9.8.1-6.P1 package, which doesn't exist anywhere on
the mirror:
9.8.1P1-1.mga1 for pending updates updates_testing
9.8.0-6.P4.mga1 for available updates
9.8.0-6.P1.mga1 for release
For dhcp, the updates/1/dhcp/current path contains a SPEC file
corresponding to the release package (3:4.2.1-0.P1.3):
3:4.2.1-0.P1.3.1.mga1 for pending updates
3:4.2.1-0.P1.3.mga1 for release
So, I guess 1/<foo>/current should match release package,
updates/1/<foo>/current should match latest available update, but where
is located pending updates package content ?
[..]
> * openssl 1.0.0d
> - CVE-2011-1945
> - CVE-2011-3207
> - CVE-2011-3210
+ CVE-2011-4108
+ CVE-2011-4109
+ CVE-2011-4576
+ CVE-2011-4577
+ CVE-2011-4619
+ CVE-2012-0027
--
BOFH excuse #11:
magnetic interference from money/credit cards
More information about the Mageia-dev
mailing list