(Security) OVAL definition may be wrong
recently published OVAL definition (https:/
all definition which referenced 'linux' binary package object, has been affected.
How to reproduce:
for example find definition id: oval:com.
then in criterions find test_ref=
then in that test, find object: oval:com.
in this `dpkginfo_object`, <linux-def:name> used to contain only the name of the binary package, but now it contains a var_ref which points to multiple full name of the most recent binary package for linux kernel image:
I believe this is an error, an 'linux' binary package should not contain any version information, as can be seen in other packages objects which only contains a name of package.
can you please explain the purpose of this section?
Question information
- Language:
- English Edit question
- Status:
- Open
- For:
- Ubuntu Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask Hombre for more information if necessary.