Does the Fedora Security Team maintain a database (or "flat
file") stored out
in a Fedora CVS server somewhere that indicates status of any given CVE
issue? If it is there, is the "how to use it" documented anywhere? Is
manipulating this flat file the best way to get security bugs "into the
system" for review?
Well there's a file in CVS for each Fedora:
http://cvs.fedora.redhat.com/viewcvs/fedora-security/audit/fc6?root=fedor...
It's actually more up to date than the header states though :)
Thanks, Mark
--
Mark J Cox / Red Hat Security Response Team