[arch-security] Division of Labor
RbN
r.b.n at riseup.net
Thu Mar 13 17:20:22 EDT 2014
> I also think we need a system to track which CVEs have been dealt with.
>
> How about a wiki page with a table (per month?) with the following columns:
>
> CVE Id
> Package/version
> Date public
> Update/Bug (upstream version with fix or bug report number with patch)
> Fixed version
> Time vulnerable (for interest!)
>
> Allan
I just created a page to track CVE for 2014 (if it gets too long, we will
split it later) : https://wiki.archlinux.org/index.php/CVE-2014
It's basically a table wth the following columns for each CVE :
CVE-id
Package/version
Date public
Update/Bug (upstream version with fix or bug report number with patch)
Fixed version
Time vulnerable (for interest!)
As you might see, any wikitext ninja is welcome to improve the table ;)
I will add some links later :
CVE -ids linked to Mitre
Package name linked to the good page
FS# linked to the bug report
I filled it with the content of the file I used on my laptop to keep track of
CVE to see how it looks like with real content.
There is CVE with the time vulnerable field filled with "??", it means that I
didn't take time to check it, it's easy work for anybody willing to gets his
hands dirty with CVE management.
RbN
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part.
URL: <http://mailman.archlinux.org/pipermail/arch-security/attachments/20140313/af6454cf/attachment.asc>
More information about the arch-security
mailing list