-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does Vuls match oval and 3rd party repositories? #1620
Comments
Currently, Debian/Ubuntu does not look at repositories of installed packages. fixed version: 2.4.41-4ubuntu3.14 < installed version: 2.4.55-1+ubuntu20.04.1+deb.sury.org+2, so this should be treated as a unaffected vulnerability on your machine. |
I'm a bit confused
also the the repo has an update 2.4.56 so I thought that 2.4.55 is also affected. |
I think 2.4.56 is the version of apache/httpd. I assume your machine is Ubuntu 20.04, but according to https://ubuntu.com/security/CVE-2023-25690 it is fixed in 2.4.41-4ubuntu3.14. However, since you are not using apache in the official repository provided by Ubuntu to begin with, there is no point in looking at ubuntu's fixed version. |
Hi,
For "reasons" we use the apache of "deb http://ppa.launchpad.net/ondrej/apache2/ubuntu focal main"
instead of the normal ubuntu one.
I was wondering if vuls also detects CVE's on those packages.
ii apache2 2.4.55-1+ubuntu20.04.1+deb.sury.org+2 amd64 Apache HTTP Server
should match cve https://ubuntu.com/security/CVE-2023-25690 but it doesn't?
The text was updated successfully, but these errors were encountered: