nix-security-tracker icon indicating copy to clipboard operation
nix-security-tracker copied to clipboard

Published 20 hours ago verified publisher icon Nix-Security-WG

False positive: CVE-2015-2987 in ed

Open raboof opened this issue 1 year ago • 0 comments

Running the local scanner on the testcase at https://github.com/Nix-Security-WG/nix-security-tracker/tree/c35f957fc02b101ee06eb5096d7f05cd87e539d73be45b19d4b97520173c48defa4c6747156d6dcf, it reports CVE-2015-2987 in ed.

This is a false positive, because our 'ed' is GNU ed, not the (unrelated) cpe:2.3:a:type74:ed.

We should perhaps just exclude this CPE as it is unlikely we'd ever package Type74 ED #81

raboof avatar Dec 08 '23 11:12 raboof