Slashdot Mirror


A Database of Patched Software?

Midnight Warrior asks: "I am one system administrator for what is an organization of dozens of LANs. Together, we all must keep our machines patched. Now we can all watch CVE, frequent securityfocus.com, or let LWN [Updated vulnerabilities section] bring things together. LWN does a fabulous job, but I'm looking for something bigger and more personalized that doesn't require the system to be on the internet. Freshmeat, SourceForge, and Google are all NULL on this question: is there a database, and scraping agents, in existence that will let one person oversee dozens of OS installations, a mish-mash of software packages, and an even worse level of up-to-date patching, so that when a new vulnerability against, say, OpenSSH comes out, I can look up which systems need to be tested and patched? My work should be limited to maintaining OS (not just Linux distros), software versions, and current patch lists. This is a classic database problem, but has someone already solved it?"
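The "classic database problem" the question describes, sketched as an added example (this code is not from the thread or from any product mentioned in it): three tables for hosts, installed package versions, and advisories, plus a lookup that returns every host still running a version older than an advisory's fixed version. The hosts, versions, and the advisory identifier EX-2003-001 are constructed sample data, not real systems or a real CVE, and the version ordering is a simplified heuristic for OpenSSH-style strings such as 3.7.1p2; each packaging system has its own comparison rules, so a production inventory should defer to them.

```python
import re
import sqlite3

# Constructed sample inventory for the example; none of these are real hosts.
SAMPLE_HOSTS = [
    ("alpha", "Debian 3.0"),
    ("beta", "Solaris 8"),
    ("gamma", "Gentoo 1.4"),
]
SAMPLE_INSTALLED = [
    ("alpha", "openssh", "3.4p1"),
    ("beta", "openssh", "3.7.1p2"),
    ("beta", "apache", "1.3.27"),
    ("gamma", "openssh", "3.6.1p2"),
]


def version_key(version):
    """Split '3.7.1p2' into ((0,3),(0,7),(0,1),(1,'p'),(0,2)) so tuples compare
    numerically where possible. Simplified heuristic, not a packaging-system
    comparison; assumed good enough for OpenSSH-style version strings."""
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def vercmp(a, b):
    """Return -1, 0 or 1 like strcmp, for use as an SQL function."""
    ka, kb = version_key(a), version_key(b)
    return (ka > kb) - (ka < kb)


def open_inventory(path=":memory:"):
    """Create (or open) the inventory database and register vercmp in SQL."""
    conn = sqlite3.connect(path)
    conn.create_function("vercmp", 2, vercmp)
    conn.executescript("""
        CREATE TABLE IF NOT EXISTS hosts (
            name TEXT PRIMARY KEY,
            os   TEXT NOT NULL);
        CREATE TABLE IF NOT EXISTS installed (
            host    TEXT NOT NULL REFERENCES hosts(name),
            package TEXT NOT NULL,
            version TEXT NOT NULL,
            PRIMARY KEY (host, package));
        CREATE TABLE IF NOT EXISTS advisories (
            id            TEXT PRIMARY KEY,
            package       TEXT NOT NULL,
            fixed_version TEXT NOT NULL);
    """)
    return conn


def load_sample(conn):
    """Load the constructed sample hosts and package versions."""
    conn.executemany("INSERT INTO hosts VALUES (?, ?)", SAMPLE_HOSTS)
    conn.executemany("INSERT INTO installed VALUES (?, ?, ?)", SAMPLE_INSTALLED)
    conn.commit()


def record_advisory(conn, advisory_id, package, fixed_version):
    """Record that package versions below fixed_version are vulnerable."""
    conn.execute("INSERT INTO advisories VALUES (?, ?, ?)",
                 (advisory_id, package, fixed_version))
    conn.commit()


def affected_hosts(conn, advisory_id):
    """List (host, os, version) for hosts still below the advisory's fix."""
    return conn.execute("""
        SELECT h.name, h.os, i.version
        FROM advisories a
        JOIN installed i ON i.package = a.package
        JOIN hosts h ON h.name = i.host
        WHERE a.id = ? AND vercmp(i.version, a.fixed_version) < 0
        ORDER BY h.name""", (advisory_id,)).fetchall()


def record_patch(conn, host, package, new_version):
    """Update the inventory after a host has been patched."""
    conn.execute("UPDATE installed SET version = ? WHERE host = ? AND package = ?",
                 (new_version, host, package))
    conn.commit()


if __name__ == "__main__":
    db = open_inventory()
    load_sample(db)
    record_advisory(db, "EX-2003-001", "openssh", "3.7.1")
    for name, os_name, ver in affected_hosts(db, "EX-2003-001"):
        print(f"{name} ({os_name}) runs openssh {ver}: needs patching")
    record_patch(db, "alpha", "openssh", "3.7.1p2")
    print("still affected:", affected_hosts(db, "EX-2003-001"))
```

Keeping the version comparison in a registered SQL function means the "who needs patching" question stays a single query, and the same inventory table can be fed by whatever per-host collector (package manager listing, patch list, manual entry) each OS provides, which is the part the question leaves open.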

2 of 37 comments

  1. Commercial Solution? by illectro (Score: 3, Interesting)

    One possible solution is a commercial vulnerability assessment solution such as QualysGuard - it'll scan your network and tell you which machines need to be updated. You can also go open source with Nessus, but its UI is a lot weaker and it doesn't feature the task management tools that Qualys has (and you seem to be interested in this). Of course this will only tell you about software which can be remotely exploited; local updates are somewhat hard ;-)

  2. I think one.. by fredan (Score: 3, Interesting)

    ...way to solve your problem is to use Gentoo.

    First run "emerge sync" and then "emerge -vp world" to see what updates would be needed on the system.

    And if you have one system that includes the feature "buildpkg", the rest of your systems could take the pre-compiled packages from the first system and just install them.
    (Run "emerge --usepkg -vp world")