008ca2c583
Some CVE entries in the NVD database have version_value set to "-", which seems to indicate that it applies to all versions of the software project, or that they don't really know which versions are affected, and which are not. So, for the benefit of doubt, it seems more appropriate to consider such CVEs as affecting our packages. This makes the total number of CVEs affecting our next branch jump from 141 CVEs to 658 CVEs, but that number will go back down once we switch to the JSON 1.1 schema. Indeed, in the JSON 1.0 schema, there are often cases where a version_value is set to "=" *and* specific versions are set to. Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
||
|---|---|---|
| .. | ||
| config-fragments | ||
| dependencies | ||
| docker | ||
| download | ||
| gnuconfig | ||
| kconfig | ||
| legal-info | ||
| libtool | ||
| misc | ||
| scripts | ||
| testing | ||