IssueHuntfuture-architect/vuls
Do you want to work on this issue?
You can request for a bounty in order to promote it!
FP CVE-2011-4862 #1239
wagde-orca posted onGitHub
What did you do? (required. The issue will be closed when not provided.)
Scanned ubuntu 14 and got this FP
What did you expect to happen?
I expected that this CVE will not be reported by vuls
What happened instead?
vuls reported the CVE
Current Output this is the affected Package and the fixed in "name": "libasn1-8-heimdal", "fixedIn": "1.6git20120311.dfsg.1-2" and this is the installed version in the systen "libasn1-8-heimdal": { "version": "1.6~git20131207+dfsg", "release": "1ubuntu1.2" }
Steps to reproduce the behaviour
Scan ubuntu 14.04
vuls version 0.15.11
it seems that the ~ in the installed version causes the comparison to be wrong