[ubuntu-hardened] OVAL shows vulnerabilities when software is not installed
Seth Arnold
seth.arnold at canonical.com
Fri Oct 28 19:10:51 UTC 2016
On Fri, Oct 28, 2016 at 11:19:21AM +0200, Jesus Linares wrote:
> I think this test should have the "negate" due to the comment "While
> related to the CVE in some way, the 'libapache-mod-jk' package in* xenial
> is not affected*". So, maybe the input of the script is wrong?. Where is
> the input?.
The input is from the ubuntu-cve-tracker bzr tree;
https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master
In the case of this specific CVE:
http://bazaar.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master/view/head:/active/CVE-2014-8111
Thanks
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-hardened/attachments/20161028/55d9dfa1/attachment.pgp>
More information about the ubuntu-hardened
mailing list