canonical / ubuntu-com-security-api

The API for CVEs and USNs data.

Incorrect CVEs addressed value on /16-04 #56

Closed bethcollins92 closed 3 months ago

bethcollins92 commented 2 years ago

Summary

The number of CVEs addressed on https://ubuntu.com/16-04 is 8,142, but it should be around 5941. This number is generated by a query to the API - could there be a bug with the API when it tries to filter the correct CVEs?

Screenshot

Screenshot 2021-10-27 at 15 11 09

nmav commented 2 years ago

If it helps, this is what I used to get the total number of CVEs:

./scripts/report-fixes-by-usn.py -r xenial  --database database-all.pickle|grep CVE-|sed 's/[\s\t]//g'|sort -u|wc -l

albertkol commented 2 years ago

@stevebeattie, can anyone from Security help us make sure we get the correct numbers for the https://ubuntu.com/16-04 page?

The query I run against the API to determine the number of CVEs addressed on 16-04 is:

https://ubuntu.com/security/cves.json?version=xenial&status=released&limit=1

In other words: we select the CVEs that have at least one package with the status released on the version xenial. The number I get at this point in time is 8823. Is that incorrect?

petesfrench commented 1 year ago

Hi @stevebeattie, could you take a look and confirm whether this returns an accurate result for the total number of CVEs, please?

https://ubuntu.com/security/cves.json?version=xenial&status=released&limit=1

It is currently returning 9614.
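
Added example, not part of the thread or the project's code: one way to reconcile the two counts discussed above is to compute both as sets of CVE ids and diff them, instead of comparing totals. The record layout, the report text and all ids below are constructed assumptions; `released_on` applies the selection rule albertkol describes, and `unique_cves` counts distinct ids the way nmav's `grep | sort -u | wc -l` pipeline does.

```python
import re

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed sample records; this layout is an assumption, not the API's schema.
API_CVES = [
    {"id": "CVE-2021-0001", "packages": [{"name": "pkg-a", "statuses": [
        {"release": "xenial", "status": "released"},
        {"release": "bionic", "status": "released"}]}]},
    {"id": "CVE-2021-0002", "packages": [{"name": "pkg-b", "statuses": [
        {"release": "xenial", "status": "needed"},
        {"release": "bionic", "status": "released"}]}]},
    {"id": "CVE-2021-0003", "packages": [
        {"name": "pkg-c", "statuses": [{"release": "xenial", "status": "not-affected"}]},
        {"name": "pkg-d", "statuses": [{"release": "xenial", "status": "released"}]}]},
    {"id": "CVE-2021-0005", "packages": [{"name": "pkg-e", "statuses": [
        {"release": "xenial", "status": "released"}]}]},
]

# Constructed report text standing in for the script output piped to grep.
USN_REPORT = """\
USN-0001-1
  CVE-2021-0001
\tCVE-2021-0001
USN-0002-1
  CVE-2021-0003
  CVE-2021-0004
"""

def released_on(cves, release, status="released"):
    """Ids of CVEs with at least one package whose status on `release` is `status`."""
    return {
        cve["id"] for cve in cves
        if any(s["release"] == release and s["status"] == status
               for pkg in cve["packages"] for s in pkg["statuses"])
    }

def unique_cves(report):
    """Distinct CVE ids in free text (duplicates and whitespace ignored)."""
    return set(CVE_RE.findall(report))

def reconcile(cves, report, release):
    # Equal totals can still hide differences, so report the ids on each side only.
    api, usn = released_on(cves, release), unique_cves(report)
    return {"api": len(api), "usn": len(usn),
            "only_api": sorted(api - usn), "only_usn": sorted(usn - api)}

if __name__ == "__main__":
    print(reconcile(API_CVES, USN_REPORT, "xenial"))
```
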