[debian] false positive check is missing vulnerabilities

AppThreat / vulnerability-db

Vulnerability database and package search for sources such as Linux, OSV, NVD, GitHub and npm. Powered by sqlite, CVE 5.0, purl, and vers.

MIT License

95 stars 22 forks source link

[debian] false positive check is missing vulnerabilities #126

Closed prabhu closed 7 months ago

prabhu commented 7 months ago

The below entry is not captured and not reported by OSV either.

{
      "Original": "- xz-utils 5.6.1+really5.4.5-1",
      "Line": 360,
      "Type": "package",
      "Package": "xz-utils",
      "Kind": "fixed",
      "Version": "5.6.1+really5.4.5-1"
    },

https://github.com/AppThreat/vulnerability-db/blob/master/vdb/lib/aqua.py#L802-L804

https://github.com/AppThreat/vuln-list/blob/main/debian/CVE/CVE-2024-3094.json