SLES-Other CVE not showing in change log information



tommcc
20-Jan-2016, 14:07
Hi,

I have a question about CVE numbers. We are trying to check if CVE-2011-1013 is covered by our kernel version. The kernel version itself would suggest that this has been patched, as it's greater than the recommended 2.6.32.36-0.5.2, BUT there is no mention of this CVE number in the change log information in the package.

Is it usual for not all CVE numbers to be documented in the changelog? If so, I assume we have only the version number to go by; is this correct?

Seeking clarification.

Thanks

malcolmlewis
20-Jan-2016, 14:25
Hi
If you can't find the CVE reference, then follow the bugzilla entry:
https://www.suse.com/security/cve/CVE-2011-1013.html
https://bugzilla.suse.com/show_bug.cgi?id=674691

Looking at the bugzilla entry (comment 23), it looks like it was included with some other CVEs.

tommcc
20-Jan-2016, 15:26
That helps, thanks.
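
The check discussed in this thread, as an added example that is not part of the original posts: search the package changelog for the CVE id first, and fall back to the Bugzilla number from the reply (674691) when the CVE id is absent. The function name `check_fix`, the `bnc#`/`bsc#`/`bug#` reference prefixes, and the `kernel-default` package name are assumptions; the sample changelog text is constructed.

```shell
#!/bin/sh
# Added example: look for a fix in RPM changelog text read from stdin.
# On a real system the input would come from something like:
#   rpm -q --changelog kernel-default | check_fix CVE-2011-1013 674691
# (kernel-default is an assumption; use the installed kernel flavour.)

# check_fix CVE_ID BUG_ID
# Prints "cve", "bug" or "none"; returns 0 if a reference was found.
check_fix() {
    cve="$1"
    bug="$2"
    log=$(cat)

    # 1. Direct mention of the CVE id (fixed string, case-insensitive).
    if printf '%s\n' "$log" | grep -qiF -- "$cve"; then
        echo "cve"
        return 0
    fi

    # 2. Bugzilla number behind an assumed tracker prefix. The trailing
    #    group stops 674691 from matching inside a longer number.
    if printf '%s\n' "$log" | grep -qiE "(bnc|bsc|bug)#${bug}([^0-9]|\$)"; then
        echo "bug"
        return 0
    fi

    echo "none"
    return 1
}

# Constructed sample: the fix is listed by bug number only, next to an
# unrelated entry whose bug number merely starts with the same digits.
SAMPLE_CHANGELOG='* Sat Jan 01 2011 maintainer@example.com
- patches.fixes/example-a: example fix (bnc#674691).
- patches.fixes/example-b: other fix (bnc#6746910, CVE-0000-0000).'

printf '%s\n' "$SAMPLE_CHANGELOG" | check_fix CVE-2011-1013 674691
```

A result of "bug" means the changelog cites the Bugzilla entry without naming the CVE, which is the situation the reply describes.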