Today someone said:
Are the following CVEs fixed in kernel version 2.6.32-504.36.1.el6.x86_64?
CVE-2012-6647 – Denial of Service (NULL point dereference)
CVE-2013-7339 – Denial of Service (NULL point dereference)
CVE-2014-2672 – Denial of Service (system crash)
CVE-2014-2678 – Denial of Service or crash
CVE-2014-2706 – Denial of Service (system crash)
CVE-2014-2851 – Denial of Service (system crash)
CVE-2014-3144 – Denial of Service (integer underflow and crash)
CVE-2014-3145 – Denial of Service (over-read and system crash)
Currently, the simplest pure-rhsecapi cmd we could run is:
rhsecapi -f fixed_releases,fix_states --spotlight '(linux|eus):6'
...but that still leaves a final manual step of confirming that the printed versions are in fact all older than the mentioned 2.6.32-504.36.1.el6 version. What if we could instead run:
rhsecapi --fixed-in-pkg 2.6.32-504.36.1.el6
...and it could come back with a binary answer? Anyway, it's an idea we could look at later.
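The manual step described above, comparing each fixed build against the installed one, can be sketched as follows. This is an added example, not part of the original issue and not rhsecapi code: the function names are hypothetical, the fixed builds and CVE ids are constructed placeholders, and the comparison is a simplified form of rpm's version ordering (no `~` or `^` handling).

```python
import re

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")
_ARCH = re.compile(r"\.(x86_64|i686|noarch|ppc64|s390x)$")

def rpmvercmp(a, b):
    """Simplified rpm segment comparison (no '~' or '^'): -1, 0 or 1."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)  # compare numbers as numbers, so 504 > 99
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # leftover segments win

def parse_evr(s):
    """'[name-][epoch:]version-release[.arch]' -> (epoch, version, release)."""
    s, epoch = _ARCH.sub("", s), 0
    if ":" in s:
        head, s = s.split(":", 1)
        epoch = int(head.rsplit("-", 1)[-1])
    version, release = s.rsplit("-", 2)[-2:]
    return epoch, version, release

def evr_cmp(a, b):
    """Order two builds by epoch, then version, then release."""
    (ea, va, ra), (eb, vb, rb) = parse_evr(a), parse_evr(b)
    return (ea > eb) - (ea < eb) or rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def fixed_in(installed, fixed_by_cve):
    """True per CVE when the installed build is at or past the fixed build."""
    return {cve: evr_cmp(installed, fixed) >= 0
            for cve, fixed in fixed_by_cve.items()}

# Constructed sample data: placeholder CVE ids and made-up fixed builds,
# not the real fix versions for the CVEs listed in the issue.
SAMPLE_FIXED = {
    "CVE-EXAMPLE-0001": "kernel-0:2.6.32-431.20.3.el6",
    "CVE-EXAMPLE-0002": "kernel-0:2.6.32-504.el6",
    "CVE-EXAMPLE-0003": "kernel-0:2.6.32-573.el6",
}

if __name__ == "__main__":
    status = fixed_in("2.6.32-504.36.1.el6.x86_64", SAMPLE_FIXED)
    for cve, ok in sorted(status.items()):
        print(cve, "fixed" if ok else "NOT fixed")
    print("all fixed:", all(status.values()))
```

The second sample entry is the case a plain string comparison gets wrong: `504.36.1.el6` sorts before `504.el6` as text, but is the newer build under rpm ordering.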