[ubuntu-hardened] OVAL shows vulnerabilities when software is not installed
jesus at wazuh.com
Wed Nov 2 10:29:03 UTC 2016
this is from the specific CVE: xenial_libapache-mod-jk: not-affected (1:1.2.
So, if it is not affected for xenial, the check should include the "negate"
in order to return that is not a vulnerability, right?.
On Fri, Oct 28, 2016 at 9:10 PM, Seth Arnold <seth.arnold at canonical.com>
> On Fri, Oct 28, 2016 at 11:19:21AM +0200, Jesus Linares wrote:
> > I think this test should have the "negate" due to the comment "While
> > related to the CVE in some way, the 'libapache-mod-jk' package in* xenial
> > is not affected*". So, maybe the input of the script is wrong?. Where is
> > the input?.
> The input is from the ubuntu-cve-tracker bzr tree;
> In the case of this specific CVE:
> ubuntu-hardened mailing list
> ubuntu-hardened at lists.ubuntu.com
*IT Security Engineer*
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-hardened