× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. November 2018

Re: CVE's question

OK, not the answer I was looking for. I was hoping the CVE information
would be buried once installed on the system. Just as an example, if you
wanted to know where you were on spectre/meltdown remediation your going to
spend some time figuring it out.

On Wed, Nov 7, 2018 at 11:33 AM Rob Berendt <rob@xxxxxxxxx> wrote:

The theory is that you should be able to look up the CVE at IBM's Product
Security Incident Response blog at
https://www.ibm.com/blogs/psirt/
But it's crap.
Let's look at an example from today. I got an email from IBM informing me
of a CVE which could whack IBM i 7.1-7.3. This email points me to this:

https://www-01.ibm.com/support/docview.wss?uid=ibm10725903&myns=ibmi&mynp=OCSSC52E&mynp=OCSSC5L9&mynp=OCSSTS2D&mync=E&cm_sp=ibmi-_-OCSSC52E-OCSSC5L9-OCSSTS2D-_-E
This link lists the PTF's needed to resolve it.
Ok. So far, so good. However, I go back to the psirt site and try to
look up that CVE and all it tells me about is Red Hat.

I guess one could browse PTF cover letters online for the CVE.


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1
Group Dekko
Dept 1600
Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Jack Kingsley" <iseriesflorida@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <MIDRANGE-L@xxxxxxxxxxxx>
Date: 11/07/2018 05:11 AM
Subject: CVE's question
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



I have a couple of questions on CVE's. Does anyone know where the CVE
information is held for PTF's. I don't believe dumping PTF information
has
it?? Next question is once you know about a CVE, is there an easy way to
find all associated PTF's for that specific CVE. There doesn't seem to be
any cross reference to determine where you stand on CVE's unless you are
manually managing it.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.