Describe the data quality issue observed
osv.dev marks these as "no fix available" and does not list any git tags
Suggested changes to record
Git tags are listed and osv.dev is able to detect the CVE as fixed.
The exact cause of the problem is unfortunately unclear to me, otherwise I would suggest something more precise.
Given the "fixed" commits just point to the release tag commit, whatever produced the commit range did originally have the correct list of affected versions.
Additional context
NIST CPEs list the versions affected correctly.
The CVE ID CVE-2016-2336 CVE-2016-2337 CVE-2016-2338 CVE-2016-2339 CVE-2017-6181 CVE-2017-11465 CVE-2017-17790
Describe the data quality issue observed osv.dev marks these as "no fix available" and does not list any git tags
Suggested changes to record Git tags are listed and osv.dev is able to detect the CVE as fixed.
The exact cause of the problem is unfortunately unclear to me, otherwise I would suggest something more precise.
Given the "fixed" commits just point to the release tag commit, whatever produced the commit range did originally have the correct list of affected versions.
Additional context NIST CPEs list the versions affected correctly.