raboof
commented
11 months ago Tested with fake data that this looks like it now works, but let's leave it open until we actually have populated the production online scanner with this particular case
Open raboof opened 11 months ago
raboof
commented
11 months ago Tested with fake data that this looks like it now works, but let's leave it open until we actually have populated the production online scanner with this particular case
Running the local scanner on the testcase at https://github.com/Nix-Security-WG/nix-security-tracker/tree/c35f957fc02b101ee06eb5096d7f05cd87e539d73be45b19d4b97520173c48defa4c6747156d6dcf, it reports CVE-2021-26720 in avahi.
This issue only affects Debian (and SUSE), which is not possible to see from the advisory metadata. We should probably use the mechanism in Nix-Security-WG/nix-local-security-scanner#51 to override the severity of this issue to
nonefor nixpkgs.