False negative: CVE-2023-38470 in avahi

Nix-Security-WG / nix-local-security-scanner

Reports on which security advisories may be relevant for a given system or derivation

MIT License

3 stars 0 forks source link

False negative: CVE-2023-38470 in avahi #28

Closed raboof closed 11 months ago

raboof commented 11 months ago

It seems CVE-2023-38470 is no longer reported for avahi, which is technically correct (a patch has been applied for it) but may still indicate a 'false negative' problem since we haven't implemented checking for patches yet. Let's doublecheck how/why it fell out of the results.

raboof commented 11 months ago

It's actually still reported correctly, I was looking at it wrong