One request we often receive is about the status of a particular fix or if we are already working on a vulnerability that has just made the news. While we usually announce fixes and analysis of some of those vulnerabilities, due to their sheer number, it’s just impractical to produce announcements around each one - and you probably wouldn’t be interested in vulnerabilities for the distributions you don’t use anyway. So we came up with an alternative solution.
To improve transparency and facilitate access to the list of Common Vulnerabilities and Exposures (CVEs) covered under our Extended Lifecycle Support service, the TuxCare Team is happy to announce the availability of a CVE Dashboard.
This is still a beta version, but you can already get at-a-glance access to the CVEs that interest you the most, with search capabilities by distribution, project (package), and several other important filters.
Through the Dashboard, you can find all the CVEs affecting a specific distribution or project and see the status of the fix for each one. You also have a direct link to more information about any specific CVE.
This will be most useful in situations where you need the most up-to-date information regarding the status of a specific fix - you no longer need to wait for our email or our blog posts, which can appear a few hours after the release of the fix. Now, you can check for yourself to see if it’s already being delivered.
Let’s take a look at how it works. Pointing your web browser to https://cve.tuxcare.com/ brings you to this screen:
All the CVE identifiers in the left-most column are links to the nvd.nist.org specific CVE page. You can search for a specific CVE by typing its identifier in the first text box above the list, or use one of the other fields - or any combination of fields. The project name is usually the first part of the package name: curl-x.xx.x is a package for the project “curl”.
As the dashboard is still in its beta stage, the team is working on improvements. If you have any suggestions, reach out to us on the e-mail firstname.lastname@example.org and let us know - we are always happy to accommodate changes.