Open raboof opened 9 months ago
Running the local scanner on the testcase at https://github.com/Nix-Security-WG/nix-security-tracker/tree/c35f957fc02b101ee06eb5096d7f05cd87e539d73be45b19d4b97520173c48defa4c6747156d6dcf, it reports CVE-2015-2987 in ed.
This is a false positive, because our 'ed' is GNU ed, not the (unrelated) cpe:2.3:a:type74:ed.
cpe:2.3:a:type74:ed
We should perhaps just exclude this CPE as it is unlikely we'd ever package Type74 ED #81
Running the local scanner on the testcase at https://github.com/Nix-Security-WG/nix-security-tracker/tree/c35f957fc02b101ee06eb5096d7f05cd87e539d73be45b19d4b97520173c48defa4c6747156d6dcf, it reports CVE-2015-2987 in ed.
This is a false positive, because our 'ed' is GNU ed, not the (unrelated)
cpe:2.3:a:type74:ed.We should perhaps just exclude this CPE as it is unlikely we'd ever package Type74 ED #81