I was noticing CentOS was not longer releasing CVE OVAL information. It looks like it used to go to oval.mitre.org but since the transition to oval.cisecurity.org there have been no more updates to that. Does anyone have any information on why that might be?
Support for security such as Firewalls and securing linux
3 posts • Page 1 of 1
As far as I know, nothing has been changed regarding this. Where did you see the information that is now missing? All the information that is provided are the CVE IDs in package changelogs. This has been the case since as far as I can remember.
The CIS OVAL site (or mitre) doesn't have information on any CVE for centos6 past CVE-2015-3456 (released 2015-06-02). The redhat OVAL site has up to CVE-2015-8548 (released 2015-12-14). Any idea who/what was updating the centos OVAL CVEs previously and/or why it stopped? Is there potentially anywhere else to get this information?