-
Task
-
Resolution: Unresolved
-
Major
-
None
-
None
-
None
-
None
-
True
-
-
False
-
-
Currently the VEX parsing in claircore assumes that known_affected components are describing source packages (as they were). Prodsec have decided that known_affected components should also now describe binary packages.
The actual details about how to discern binary vs source packages is still being discussed so any clair changes would need to finalized after that.
- is blocked by
-
SECDATA-1097 Add binary package names to CSAF VEX files for unpatched vulnerabilities
-
- Closed
-
- is caused by
-
-
- Closed
-