Closed dinvlad closed 3 years ago
Hi Team,
In light of https://portswigger.net/daily-swig/developers-fix-multitude-of-vulnerabilities-in-apache-http-server and https://launchpad.net/ubuntu/bionic/+source/apache2/+changelog, looks like fixes for these CVEs have been released in Bionic, but this repo still shows them as needed: https://github.com/aquasecurity/vuln-list/blob/b65603881444113aba1d1ca4b291a3cbb9c11691/ubuntu/2021/CVE-2021-40438.json#L21 and https://github.com/aquasecurity/vuln-list/blob/29c2353562eafeb2d21898db05069f7ebb0dd90b/ubuntu/2021/CVE-2021-33193.json#L24
needed
Could you clarify how and how often the vuln lists are updated for Ubuntu? I'm trying to understand the discrepancy here.
EDIT: more specifically, looks like the Ubuntu update script might not be parsing Launchpad correctly.
Thank you!
Hi Team,
In light of https://portswigger.net/daily-swig/developers-fix-multitude-of-vulnerabilities-in-apache-http-server and https://launchpad.net/ubuntu/bionic/+source/apache2/+changelog, looks like fixes for these CVEs have been released in Bionic, but this repo still shows them as
needed
: https://github.com/aquasecurity/vuln-list/blob/b65603881444113aba1d1ca4b291a3cbb9c11691/ubuntu/2021/CVE-2021-40438.json#L21 and https://github.com/aquasecurity/vuln-list/blob/29c2353562eafeb2d21898db05069f7ebb0dd90b/ubuntu/2021/CVE-2021-33193.json#L24Could you clarify how and how often the vuln lists are updated for Ubuntu? I'm trying to understand the discrepancy here.
EDIT: more specifically, looks like the Ubuntu update script might not be parsing Launchpad correctly.
Thank you!