Uploaded image for project: 'Project Quay'
  1. Project Quay
  2. PROJQUAY-4426

Debian double reporting

XMLWordPrintable

    • False
    • None
    • False

      As the name of the debian updaters has changed (eg. debian-bullseye-updater, debian/updater/bullseye) we are surfacing vulnerabilities from the both updaters on older installations. This is particularly noticeable when a vulnerability changes (eg. when it is fixed), the matcher finds both the pre-patched definition from debian-bullseye-updater (0:0 fixed version) and the patched definition from debian/updater/bullseye (see attached screenshot).

      The old style updater will not be GCed as no more update operations are happening to expire the old update operations.

      We will probably need a DB migration to delete these legacy update operations (and their subsequent vulns).

              Unassigned Unassigned
              jcroslan@redhat.com Joseph Crosland
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: