Return-Path: X-Original-To: oracle-l@orafaq.com Delivered-To: oracle-l@orafaq.com Received: from puck1183.startdedicated.com (localhost [127.0.0.1]) by puck1183.startdedicated.com (Postfix) with ESMTP id 175421960268 for ; Fri, 6 Jun 2014 18:46:21 +0200 (CEST) Received: from turing.freelists.org (freelists-180.iquest.net [206.53.239.180]) by puck1183.startdedicated.com (Postfix) with ESMTP for ; Fri, 6 Jun 2014 18:46:21 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 5B8EA2838D; Fri, 6 Jun 2014 12:45:36 -0400 (EDT) Authentication-Results: turing.freelists.org; dkim=fail (verification failed; insecure key) header.i=@gmail.com; dkim-adsp=none (insecure policy) X-Virus-Scanned: Debian amavisd-new at turing.freelists.org Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JwdtdUnZfSNw; Fri, 6 Jun 2014 12:45:36 -0400 (EDT) Received: from turing.freelists.org (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id C84A52C476; Fri, 6 Jun 2014 12:44:54 -0400 (EDT) Received: with ECARTIS (v1.0.0; list oracle-l); Fri, 06 Jun 2014 12:44:13 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 8711C2C2D1 for ; Fri, 6 Jun 2014 12:44:13 -0400 (EDT) Received: from turing.freelists.org ([127.0.0.1]) by localhost (turing.freelists.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Ez38W4O0zxg for ; Fri, 6 Jun 2014 12:44:13 -0400 (EDT) Received: from mail-ve0-f175.google.com (mail-ve0-f175.google.com [209.85.128.175]) by turing.freelists.org (Avenir Technologies Mail Multiplex) with ESMTP id 593532C167 for ; Fri, 6 Jun 2014 12:43:48 -0400 (EDT) Received: by mail-ve0-f175.google.com with SMTP id us18so1372121veb.20 for ; Fri, 06 Jun 2014 09:43:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type; bh=hn6ClZVhZLvW5uF8iELXnXT//ye5fa3WxS6rO5ScjSw=; b=TkMGmLWjogOcumbPwMTaOhsir2FifT+3OOrkwp0qCoKutXki+uPDM/YdamY4lqnbwB GOSlY4HjXrH+XKi+cbIGvkYEWSGMKlo8uxmvs5mamZsPTB5nRDhDRckKR3wzbZzF+mQf Zj5Iz/pqvPGwQ+2GOO7V/njAEoGYHgxarrSPxYn6EOh2PfcA0KXmy04wf6/1BNAT4Z6V 90tW9lywo7SiBgHfuSBvNxP9QfqXfpE4avYRAv8ccbA8MY6TGf/aAh2yJ8glUI0v8ysE cwCBQbSAx4jQqHLuMAuGnR9F7IVET9ef/ucxaHAFS98xbtuEj5OHPJDnzFzDf1lSh4V3 OeRQ== X-Received: by 10.220.205.3 with SMTP id fo3mr4943511vcb.57.1402073028626; Fri, 06 Jun 2014 09:43:48 -0700 (PDT) MIME-Version: 1.0 Received: by 10.58.31.227 with HTTP; Fri, 6 Jun 2014 09:43:08 -0700 (PDT) From: Patrice sur GMail Date: Fri, 6 Jun 2014 13:43:08 -0300 Message-ID: Subject: CVEs and Oracle products To: ORACLE-L Content-Type: multipart/alternative; boundary=001a11c3c8c4d2111e04fb2d90da X-archive-position: 54877 X-ecartis-version: Ecartis v1.0.0 Sender: oracle-l-bounce@freelists.org Errors-to: oracle-l-bounce@freelists.org X-original-sender: patrice.boivin@gmail.com Precedence: normal Reply-To: patrice.boivin@gmail.com List-help: List-unsubscribe: List-software: Ecartis version 1.0.0 List-Id: oracle-l X-List-ID: oracle-l List-subscribe: List-owner: List-post: List-archive: X-list: oracle-l --001a11c3c8c4d2111e04fb2d90da Content-Type: text/plain; charset=UTF-8 I was wondering, does Oracle have a CVE equivalency database that would let us enter a CVE and find out if it applies to any Oracle products and what versions, if any? (Most of the time probably the CVEs don't apply.) Bureaucrats sometimes forward e-mails about CVE numbers and want us to assure them that we're "safe" and entering CVE numbers in My Oracle Support doesn't usually turn up anything. I am guessing that for DBAs in more secure environments this is routine stuff, thought maybe someone might be able to provide some pointers. I know about the typical advice like "stay up-to-date with your software versions" -- except for that OpenSSL bug LOL which got some people in trouble, no memory sticks or used to be CDs (esp. if people are outside your building handing them out for free), passwords are not all that secure (some employees are willing to give them up for a little gift at the door), social engineering, don't trust your own employees, etc. etc. I am just looking for a lookup site somewhere that we might be able to trust. -- Patrice My profiles: [image: Facebook] [image: LinkedIn] [image: Twitter] Signature powered by WiseStamp --001a11c3c8c4d2111e04fb2d90da Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
I was wondering, does Oracle have a CVE equivalency d= atabase that would let us enter a CVE and find out if it applies to any Ora= cle products and what versions, if any?=C2=A0 (Most of the time probably th= e CVEs don't apply.)

Bureaucrats sometimes forward e-mails about CVE numbers and want = us to assure them that we're "safe" and entering CVE numbers = in My Oracle Support doesn't usually turn up anything.

I am guessing that for DBAs in more secure en= vironments this is routine stuff, thought maybe someone might be able to pr= ovide some pointers.

I know about the typical advice like= "stay up-to-date with your software versions" -- except for that= OpenSSL bug LOL which got some people in trouble, no memory sticks or used= to be CDs (esp. if people are outside your building handing them out for f= ree), passwords are not all that secure (some employees are willing to give= them up for a little gift at the door), social engineering, don't trus= t your own employees, etc. etc.=C2=A0=C2=A0 I am just looking for a lookup = site somewhere that we might be able to trust.

-- Patrice

My profiles: 3D"Facebook"3D=3D"Twitter"=

Signature powered by WiseStamp=C2=A0
--001a11c3c8c4d2111e04fb2d90da-- -- http://www.freelists.org/webpage/oracle-l