Summary list of CVEs related to backported patches
On pages like this
https:/
it would be great if there was a summary list of CVE's resolved by each backport displayed in an easily accessible format, either per patch or for everything up to today as a "CVE's resolved to date"
With the main version number not changing when a patch is back ported a lot of vulnerability tools don't pick up on the backported fixes as they don't change the version number resulting in a number of false positives that require manual intervention.
I have only just discovered (after 10+ years of using ubuntu) that the CVE's resolved in backport patches are available on pages like this. I have to click on each release individually to get this information, It would be a lot easier to determine if a machine is vulnerable if I didn't have top open each patch and search for the CVEs and instead had a single selectable list of plain text CVEs, maybe in CSV format available on the page for the software. Where there 20+ patches this task of extracted resolved CVEs becomes particularly onerous.
If this information is already available elsewhere please can you let me know (it took me 10 years to find this so any help appreciated)
Thanks in anticipation
Question information
- Language:
- English Edit question
- Status:
- Answered
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask ChrisJ for more information if necessary.