=== RPM Change log ===
RPM change log can be used to view when a package was last updated
\\
It can also be used to view if a specific version of a package (eg. php) has been patched for a known vulnerability
<sxh bash>
# rpm -qa | grep php | grep .x86_64
php-xml-5.3.3-40.el6_6.x86_64
php-snmp-5.3.3-40.el6_6.x86_64
php-tidy-5.3.3-40.el6_6.x86_64
php-bcmath-5.3.3-40.el6_6.x86_64
php-fpm-5.3.3-40.el6_6.x86_64
php-5.3.3-40.el6_6.x86_64
php-mysql-5.3.3-40.el6_6.x86_64
php-xmlrpc-5.3.3-40.el6_6.x86_64
php-mbstring-5.3.3-40.el6_6.x86_64
php-common-5.3.3-40.el6_6.x86_64
php-pspell-5.3.3-40.el6_6.x86_64
php-pecl-memcache-3.0.5-4.el6.x86_64
php-mcrypt-5.3.3-3.el6.x86_64
php-cli-5.3.3-40.el6_6.x86_64
php-pdo-5.3.3-40.el6_6.x86_64
php-gd-5.3.3-40.el6_6.x86_64
php-devel-5.3.3-40.el6_6.x86_64
</sxh>
We can see that the current version installed on the system is: php-5.3.3-40.el6_6.x86_64
\\
Now we can query this package with changelog
<sxh bash>
rpm -q php-5.3.3 --changelog | head -20
</sxh>
Example output:

<sxh bash>
[root@LLL ~]# rpm -q php-5.3.3  --changelog | head -20
* Thu Oct 23 2014 Jan Kaluza <jkaluza@redhat.com> - 5.3.3-40
- fileinfo: fix out-of-bounds read in elf note headers. CVE-2014-3710

* Tue Oct 21 2014 Remi Collet <rcollet@redhat.com> - 5.3.3-39
- xmlrpc: fix out-of-bounds read flaw in mkgmtime() CVE-2014-3668
- core: fix integer overflow in unserialize() CVE-2014-3669
- exif: fix heap corruption issue in exif_thumbnail() CVE-2014-3670

* Wed Sep 10 2014 Remi Collet <rcollet@redhat.com> - 5.3.3-38
- spl: fix use-after-free in ArrayIterator due to object
  change during sorting. CVE-2014-4698
- spl: fix use-after-free in SPL Iterators. CVE-2014-4670

* Thu Aug 14 2014 Remi Collet <rcollet@redhat.com> - 5.3.3-37
- gd: fix NULL pointer dereference in gdImageCreateFromXpm.
  CVE-2014-2497
- fileinfo: fix incomplete fix for CVE-2012-1571 in
  cdf_read_property_info. CVE-2014-3587
- core: fix incomplete fix for CVE-2014-4049 DNS TXT
  record parsing. CVE-2014-3597
</sxh>