You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In the trivi.db "vulnerabity" bucket, the CVE-yyyy-id is collecting "VendorSeverity", vendor specific "CVSS" scores and url "References" data from redhat, oracle, ubuntu, ... but not from SUSE.
For SUSE, this data is instead stored only into a specific SUSE-SU-... or òpenSUSE-SU-...` entry.
Should the SUSE VendorSeverity, CVSS and References from the be added to the CVE from the SUSE-*.json data? instead of creating a SUSE-SU item? or in addition?
The text was updated successfully, but these errors were encountered:
In the trivi.db "vulnerabity" bucket, the
CVE-yyyy-id
is collecting "VendorSeverity", vendor specific "CVSS" scores and url "References" data from redhat, oracle, ubuntu, ... but not from SUSE.For SUSE, this data is instead stored only into a specific
SUSE-SU-...
or òpenSUSE-SU-...` entry.The corresponding fields are available in the testing data pkg/vulnsrc/suse-cvrf/testdata. The SUSE specific CVSSScoreSets are empty here, but they are populated in more recent files, like cvrf/suse/opensuse/2015/openSUSE-SU-2015-0225-1.json
Is this a feature or a bug?
Should the SUSE VendorSeverity, CVSS and References from the be added to the CVE from the SUSE-*.json data? instead of creating a SUSE-SU item? or in addition?
The text was updated successfully, but these errors were encountered: