Re: About CVE-2017-10965
On Tue, Sep 01, 2020 at 11:57:08AM +0000, Teppei Fukuda wrote:
> Hi Moritz,
>
> Thank you for the quick reply. I also found more gaps than this case. Do you have a plan to compare OVAL and Security Tracker and fill gaps? Or, if Debian Security Tracker is always correct, should we use the following repository, not OVAL?
> https://salsa.debian.org/security-tracker-team/security-tracker
I'm not very familiar with the OVAL feed and how it gets synced with the
core data. But the Security Tracker is definitively the source of truth,
so when in doubt add a local override to the OVAL data as found in the
Debian Security Tracker.
Cheers,
Moritz
Reply to: