Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

epoch number might causing inaccurate results #78

Open
danielwangksu opened this issue May 14, 2021 · 0 comments
Open

epoch number might causing inaccurate results #78

danielwangksu opened this issue May 14, 2021 · 0 comments

Comments

@danielwangksu
Copy link

I have uno-libs3 installed:

Package: uno-libs3
Version: 6.0.7-0ubuntu0.18.04.10
Priority: optional
Section: libs
Source: libreoffice (1:6.0.7-0ubuntu0.18.04.10)
Origin: Ubuntu

cve-scan still report vulnerabilities:

CVE-2019-9848   medium      uno-libs3                       1:6.0.7-0ubuntu0.18.04.8         Ubuntu Archive
CVE-2019-9848   medium      ure                             1:6.0.7-0ubuntu0.18.04.8         Ubuntu Archive
CVE-2019-9849   medium      uno-libs3                       1:6.0.7-0ubuntu0.18.04.8         Ubuntu Archive
CVE-2019-9849   medium      ure                             1:6.0.7-0ubuntu0.18.04.8         Ubuntu Archive
CVE-2019-9850   medium      uno-libs3                       1:6.0.7-0ubuntu0.18.04.9         Ubuntu Archive
CVE-2019-9850   medium      ure                             1:6.0.7-0ubuntu0.18.04.9         Ubuntu Archive
CVE-2019-9851   medium      uno-libs3                       1:6.0.7-0ubuntu0.18.04.9         Ubuntu Archive
CVE-2019-9851   medium      ure                             1:6.0.7-0ubuntu0.18.04.9         Ubuntu Archive
CVE-2019-9852   medium      uno-libs3                       1:6.0.7-0ubuntu0.18.04.9         Ubuntu Archive
CVE-2019-9852   medium      ure                             1:6.0.7-0ubuntu0.18.04.9         Ubuntu Archive
CVE-2019-9853   medium      uno-libs3                       1:6.0.7-0ubuntu0.18.04.9         Ubuntu Archive
CVE-2019-9853   medium      ure                             1:6.0.7-0ubuntu0.18.04.9         Ubuntu Archive
CVE-2019-9854   medium      uno-libs3                       1:6.0.7-0ubuntu0.18.04.10        Ubuntu Archive
CVE-2019-9854   medium      ure                             1:6.0.7-0ubuntu0.18.04.10        Ubuntu Archive

I think this is because dpkg does not include epoch number for some packages

dpkg -l | grep uno-libs3                                                                        ✔  1649  11:43:20
ii  uno-libs3                                  6.0.7-0ubuntu0.18.04.10                          amd64        LibreOffice UNO runtime environment -- public shared libraries
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@danielwangksu