google / osv.dev

Open source vulnerability DB and triage service.
https://osv.dev
Apache License 2.0

Data quality issue with 2016/2017 Ruby CVEs #2333

Open Bo98 opened 1 week ago

Bo98 commented 1 week ago

The CVE ID
CVE-2016-2336, CVE-2016-2337, CVE-2016-2338, CVE-2016-2339, CVE-2017-6181, CVE-2017-11465, CVE-2017-17790

Describe the data quality issue observed
osv.dev marks these as "no fix available" and does not list any git tags.

Suggested changes to record
Git tags are listed and osv.dev is able to detect the CVE as fixed.

The exact cause of the problem is unfortunately unclear to me, otherwise I would suggest something more precise.

Given the "fixed" commits just point to the release tag commit, whatever produced the commit range did originally have the correct list of affected versions.

Additional context
NIST CPEs list the versions affected correctly.
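A triage check for the condition the report describes, as an added example that is not part of osv.dev or of this issue: it walks the `affected` entries of an OSV-schema record and flags records that carry neither a `fixed` event in any range nor a `versions` list. The sample records, their IDs and the repository URL are constructed placeholders.

```python
# Added example (not osv.dev code): flag OSV-schema records that carry neither
# a "fixed" event in any range nor a "versions" list, which is what the
# issue describes osv.dev showing as "no fix available" with no git tags.
# Sample records below are constructed; ids and repo URL are placeholders.
SAMPLE_RECORDS = [
    {   # Shape reported in the issue: an introduced event but nothing else.
        "id": "CVE-0000-NOFIX-SAMPLE",
        "affected": [{
            "package": {"ecosystem": "Ruby", "name": "ruby"},
            "ranges": [{"type": "GIT", "repo": "https://example.invalid/ruby",
                        "events": [{"introduced": "0"}]}],
        }],
    },
    {   # Healthy record: fixed commit plus an explicit version list.
        "id": "CVE-0000-FIXED-SAMPLE",
        "affected": [{
            "package": {"ecosystem": "Ruby", "name": "ruby"},
            "ranges": [{"type": "GIT", "repo": "https://example.invalid/ruby",
                        "events": [{"introduced": "0"}, {"fixed": "0123abcd"}]}],
            "versions": ["2.2.0", "2.2.1"],
        }],
    },
]


def fix_status(record):
    """Summarise how an OSV record expresses its fix, if at all."""
    fixed, versions = [], []
    for affected in record.get("affected", []):
        versions.extend(affected.get("versions", []))
        for rng in affected.get("ranges", []):
            # Each event is a single-key dict: introduced/fixed/last_affected/limit.
            fixed.extend((rng.get("type"), e["fixed"])
                         for e in rng.get("events", []) if "fixed" in e)
    return {"id": record["id"], "fixed": fixed, "versions": versions,
            "no_fix_available": not fixed, "missing_versions": not versions}


def flag_incomplete(records):
    """IDs that would render as 'no fix available' with no version list."""
    return [s["id"] for s in map(fix_status, records)
            if s["no_fix_available"] and s["missing_versions"]]


if __name__ == "__main__":
    for status in map(fix_status, SAMPLE_RECORDS):
        print(status)
```

Pointing `SAMPLE_RECORDS` at records fetched from the OSV API would turn this into a bulk audit of which entries still lack fix data.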

github-actions[bot] commented 1 week ago

:sparkles: Thank you for your interest in OSV.dev's data quality! :sparkles:

Please review our FAQ entry on how to most efficiently have this addressed.