Red Hat Product Security team is planning to released new format of OVAL v2 data, where unfixed and unaffected vulnerabilities will include <affected_cpe_list> section. This will make libvun process such entries. At this point, we want to discard both kidns of entries as soon as we encounter them.

• Unaffected vulnerabilities will be discarded even in the future, as from point of security scanning they offer no value
• Unfixed vulnerabilities will be processed in the future patch