-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False Positives in Redhat 8.6 EUS #1989
Comments
It is also necessary to confirm that it is a package installed from EUS Repository. |
As you can see, OVALV2 can only be used until 2024, so it is necessary to move the whole to CSAF, but it is very difficult to do these.
|
@MaineK00n do you have an ETA for the large scale refactoring? and if will take long... do you have an idea how we can provide a workaround for this until the good solution is implemented? |
@wagde-orca |
thanx @MaineK00n |
@wagde-orca |
yes we need some fallback mechanism like the one we had with oval and gost... |
Thank you for your proposal for how to implement it. |
@MaineK00n do you have an ETA for the large-scale refactoring? |
We are currently working towards a release date of the end of 2024. |
@MaineK00n will the large scale refactoring include also handling Redhat ELS properly? |
Of course, we are aware of that problem, so it is included. |
What did you do? (required. The issue will be closed when not provided.)
I ran vuls on redhat 8.6 with curl 7.61.1-22.el8_6.4 installed
What did you expect to happen?
I expected to get 0:7.61.1-22.el8_6.12 as the fixed version
What happened instead?
I got 0:7.61.1-30.el8 as the fixed version
Redhat has a separate oval file for redhat 8.6 EUS
rhel-8.6-eus.oval.xml.bz2
and currently goval-dictionary and vuls does not fetch it and fetch only the redhat 8 oval file and this is causing the FP... as you can see in the redhat security tracker (https://access.redhat.com/security/cve/CVE-2022-35252) they mention 8.6 EUS separately
and I guess vuls should behave according to this
The text was updated successfully, but these errors were encountered: