How to check whether list of CVEs are fixed or not?

sreedhar0308
Posts: 1
Joined: 2019/10/28 08:09:21

Post by sreedhar0308 » 2019/10/28 08:31:43

I want to check whether a list of CVEs is fixed or not in CentOS 8. I tried this command "rpm -qip --changelog *.rpm | grep CVE_XXXX_XXXX". This is not helping me. For example, if CVE_XXXX_XXXX is fixed in CentOS 7.7, then it's showing in CentOS 8.

The requirement is: if I search for CVE-X in CentOS 8, then it should show whether the CVE is fixed in the current release or in previous releases.
Is there any command for this?

Please provide your inputs.

Thank you.

TrevorH
Site Admin
Posts: 33216
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: How to check whether list of CVEs are fixed or not?

Post by TrevorH » 2019/10/28 10:10:20

The command you want is rpm -q --changelog $packagename for each package you want to look at the changelog for. This will require the package to be installed. If you have the packages downloaded and not installed then you need to amend the command to use -qp and add the full filename to the command instead of just the package name.
"The requirement is If I search for CVE-X in CentOS8, then it should show whether CVE is fixed in current release or in previous releases."
No. Using rpm -q --changelog just tells you if it's fixed. It doesn't tell you about when it was fixed; for that you need to look at the changelog in more detail and extract the date lines from it as well. The important thing is "is it fixed", not when.
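Added example (not part of either post): the date-line extraction suggested in the reply, scripted for a list of CVE ids. The function names and the sample changelog are constructed for illustration; on a real system save the output of rpm -q --changelog $packagename to a file and pass that file instead.

```shell
#!/bin/sh
# Constructed sample in the format printed by `rpm -q --changelog` (newest entry first).
sample_changelog() {
cat <<'EOF'
* Tue Oct 01 2019 Example Packager <pkg@example.com> - 1.0-3
- Fix CVE-2019-12345 (constructed entry)

* Mon Jul 15 2019 Example Packager <pkg@example.com> - 1.0-2
- Resolves: CVE-2019-1234
- Rebuild

* Fri Jan 11 2019 Example Packager <pkg@example.com> - 1.0-1
- Initial build
EOF
}

# cve_entries <cve-id>: read a changelog on stdin and print the
# "* <date> <author> - <version>" header of each entry that mentions the id.
cve_entries() {
    awk -v cve="$1" '
        /^\* / { hdr = $0; next }   # remember the current entry header
        # Require a non-digit (or end of line) after the id, so that
        # CVE-2019-1234 does not also match CVE-2019-12345.
        $0 ~ (cve "([^0-9]|$)") && hdr != seen { print hdr; seen = hdr }
    '
}

# check_cves <changelog-file> <cve-id>...: print one result line per id.
check_cves() {
    log=$1; shift
    for cve in "$@"; do
        # Newest entries come first, so the last match is the earliest mention.
        hit=$(cve_entries "$cve" < "$log" | tail -n 1)
        if [ -n "$hit" ]; then
            printf '%s\tfixed\t%s\n' "$cve" "$hit"
        else
            printf '%s\tnot mentioned\n' "$cve"
        fi
    done
}

# Demo on the constructed sample.
demo=$(mktemp)
sample_changelog > "$demo"
check_cves "$demo" CVE-2019-1234 CVE-2019-12345 CVE-2018-9999
rm -f "$demo"
```

A "not mentioned" result only means the changelog text of that package does not contain the id.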
