[ubuntu-hardened] OVAL shows vulnerabilities when software is not installed
Steve Beattie
sbeattie at ubuntu.com
Mon Oct 24 02:59:48 UTC 2016
On Thu, Oct 20, 2016 at 05:38:01PM +0200, Jesus Linares wrote:
> you are right, if the test had "negate", it would be false. So, openscap
> will not show it as a vulnerability. I do not understand why the py script
> does not print the "negate" string.
>
> Also, why create a test that always return false?.
This was due to a bug in the OVAL data generator script that caused
negate attribute to never show up. Thanks to a suggested fix by David
Ries, these should now be emitted properly.
> is this list the proper site to talk about the oval files of Ubuntu?.
> Right now, these oval files are totally useless due to this issue.
Yes, this list is the proper place to discuss the OVAL files.
Thanks for the interest in them.
--
Steve Beattie
<sbeattie at ubuntu.com>
http://NxNW.org/~steve/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20161023/1be56e22/attachment.pgp>
More information about the ubuntu-hardened
mailing list