CVE not showing in change log information

Hi,

I have a question about CVE numbers. We are trying to check if CVE-2011-1013 is covered by our kernel version. The kernel version itself would suggest that this has been patched as its greater than 2.6.32.36-0.5.2 recommended, BUT there is no mention of this CVE number in the change log information in the package.

Is it usual for not all CVE numbers not to be documented in the changelog? If so I assume we have only the version number to go by is this correct?

Seeking clarification.

Thanks

[QUOTE=tommcc;31201]Hi,

I have a question about CVE numbers. We are trying to check if CVE-2011-1013 is covered by our kernel version. The kernel version itself would suggest that this has been patched as its greater than 2.6.32.36-0.5.2 recommended, BUT there is no mention of this CVE number in the change log information in the package.

Is it usual for not all CVE numbers not to be documented in the changelog? If so I assume we have only the version number to go by is this correct?

Seeking clarification.

Thanks[/QUOTE]
Hi
If you can’t find the CVE reference, then follow the bugzilla entry;
https://www.suse.com/security/cve/CVE-2011-1013.html
https://bugzilla.suse.com/show_bug.cgi?id=674691

Looking at the bugzilla entry (comment 23), looks like it was included with some other CVE’s.

That helps thanks.