[ubuntu-hardened] OVAL show tons of Unknown and Vulnerable installed packages

[Johan Ryberg]

Hi,

I'm running fully patched Ubuntu 16.04 servers and I'm about to
validate Open SCAP but I'm not getting trustworthy results.

I'm using the latest
https://people.canonical.com/~ubuntu-security/oval/ and are using
correct file.

Thousands of packages that are not installed are shown as Unknown or Vulnerable

Is there any known issues with the xml?

Best regards Johan