Inconsistent data between security tracker and debsecan
Hi,
I noticed that debsecan is not reporting some CVEs. For example, https://security-tracker.debian.org/tracker/source-package/faad2 shows 10 vulnerabilities but debsecan reports 8. As far as I can tell, CVE-2021-32272 and CVE-2021-32273 are not associated with faad2 in the debsecan data.
I could be wrong, but I think they were being reported earlier this month so maybe the changes introduced with 1458892d and b7b3e59f are confusing the generator of the debsecan data.
This is how I tested:
# cat status
Package: libfaad2
Priority: optional
Status: install ok installed
Section: libs
Installed-Size: 529
Maintainer: Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>
Architecture: amd64
Source: faad2
Version: 2.8.8-3
Replaces: libfaad2-0
Depends: libc6 (>= 2.14)
Conflicts: libfaad2-0
# debsecan --status=status
CVE-2018-20196 libfaad2 (low urgency)
CVE-2018-20199 libfaad2 (low urgency)
CVE-2018-20360 libfaad2 (low urgency)
CVE-2019-6956 libfaad2
CVE-2021-32274 libfaad2
CVE-2021-32276 libfaad2
CVE-2021-32277 libfaad2
CVE-2021-32278 libfaad2
Reply to: