How to find out if CVE has been applied to you package?

Hello world!

Q. How to find out if CVE has been applied to you package?
Answer: We look to changelog

[root@server20 ~]# rpm -q –changelog bind |grep CVE
– Fix CVE-2016-2776
– Fix CVE-2016-1285 and CVE-2016-1286
– Fix CVE-2015-8704
– Fix CVE-2015-8000
– Fix CVE-2015-5722
– Fix CVE-2015-5477
– Fix CVE-2015-4620
– Fix CVE-2015-1349
– Fix CVE-2014-8500 (#1171976)
– Fix CVE-2014-0591
– update to 9.9.3-P2 (fix for CVE-2013-4854)
– update to 9.9.3-P1 (fix for CVE-2013-3919)
– New upstream patch version fixing CVE-2013-2266 (#928032)
– update to 9.9.1-P1 (CVE-2012-1667)
– update to 9.9.0b2 (CVE-2011-4313)
– update to 9.8.0-P2 (CVE-2011-1910)
– update to 9.8.0-P1 (CVE-2011-1907)
– update to 9.7.1-P2 (CVE-2010-0213)
– 9.6.1-P1 release (CVE-2009-0696)
– 9.6.0-P1 release (CVE-2009-0025)
– 9.5.1b1 release (CVE-2008-1447)
– removed bind-9.5-CVE-2008-0122.patch (upstream)
– CVE-2008-0122
– fixed typo in post section (CVE-2007-6283)
– CVE-2007-6283
– updated to 9.5.0a6 which contains fixes for CVE-2007-2925 and
– updated to 9.4.1 which contains fix to CVE-2007-2241
– added upstream patch for correct SIG handling – CVE-2006-4095

Leave a Reply

Your email address will not be published. Required fields are marked *

5 + 2 =

This site uses Akismet to reduce spam. Learn how your comment data is processed.