cisagov / vulnrichment

A repo to conduct vulnerability enrichment.
Creative Commons Zero v1.0 Universal

fix: correct affected versions of APSB24-26 #73

Closed MaineK00n closed 2 weeks ago

MaineK00n commented 2 weeks ago

🗣 Description

In the case of the current writing style, all versions below 24.0.1 are targeted, but as long as the release is read, I think that the version should be defined in the 2023 and 2024 series. At least, it is a problem that the 23.x.y version, which is larger than 23.0.4, will be affected.

jwoytek-cisa commented 2 weeks ago

@MaineK00n thanks for the report. As you discovered, while the CNA reports everything before 24.0.1 is affected, the vendor bulletin indicates that these issues are in the 2023 and 2024 products. We're unable to merge this PR due to upstream changes that occurred in the interim, but we have also made updates to align with the vendor bulletin and your suggestions in this PR. We would recommend also contacting the CNA in this case to request clarification in the CNA-provided data.
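The over-matching discussed in this thread, as an added example that is not code from the PR or the vulnrichment repo: it compares a single "everything before 24.0.1" range with per-series ranges and lists the versions only the single range flags. The range entries use CVE JSON 5 field names; the lower bounds 23.0 and 24.0, the inclusive 23.0.4 bound, and the sample versions are assumptions made for illustration, not values from the vendor bulletin.

```python
# Added illustration. Bounds marked "assumed" are not taken from the PR page.

def parse(v):
    """Turn 'a.b.c' into a tuple of ints so comparison is numeric, not lexical."""
    return tuple(int(p) for p in v.split("."))

def is_affected(version, ranges):
    """True if version falls in any range.

    Each range is a dict shaped like a CVE JSON 5 `versions` entry:
    `version` is the inclusive lower bound, and the upper bound is either
    `lessThan` (exclusive) or `lessThanOrEqual` (inclusive).
    """
    v = parse(version)
    for r in ranges:
        if v < parse(r["version"]):
            continue
        if "lessThan" in r and v < parse(r["lessThan"]):
            return True
        if "lessThanOrEqual" in r and v <= parse(r["lessThanOrEqual"]):
            return True
    return False

# Single range, as the thread describes the CNA data: everything before 24.0.1.
CNA_STYLE = [{"version": "0", "lessThan": "24.0.1"}]

# Per-series ranges for the 2023 and 2024 products (bounds assumed).
PER_SERIES = [
    {"version": "23.0", "lessThanOrEqual": "23.0.4"},  # assumed
    {"version": "24.0", "lessThan": "24.0.1"},         # assumed lower bound
]

def over_matched(broad, narrow, versions):
    """Versions the broad definition flags but the narrow one does not."""
    return [v for v in versions
            if is_affected(v, broad) and not is_affected(v, narrow)]

# Constructed sample inventory.
SAMPLES = ["22.1.0", "23.0.4", "23.1.2", "24.0.0", "24.0.1"]

if __name__ == "__main__":
    for v in over_matched(CNA_STYLE, PER_SERIES, SAMPLES):
        print(f"{v}: flagged only by the single-range definition")
```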