In AmazonLinux2 there are a few packages, including some kernel versions, which can be installed via the "extras" mechanism, and that happens through individual mirrors which are separate from the one which is currently used to fetch the update advisories.
This means that some advisories like this one as currently not present in the vuln-list output.
The list of packages included in the extras can be pulled from
In AmazonLinux2 there are a few packages, including some kernel versions, which can be installed via the "extras" mechanism, and that happens through individual mirrors which are separate from the one which is currently used to fetch the update advisories. This means that some advisories like this one as currently not present in the vuln-list output.
The list of packages included in the extras can be pulled from
with each mirror link then being found at
As far as I am aware, this only applies to Amazon Linux 2 at the time of writing.