Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Done
Priority: Normal
Fix Version/s: clair-4.6.1
Affects Version/s: None
Component/s: clair, quay.io
Labels:
- triaged

Blocked:
False
Blocked Reason:
None
Ready:
False

RICE Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

As the name of the debian updaters has changed (eg. debian-bullseye-updater, debian/updater/bullseye) we are surfacing vulnerabilities from the both updaters on older installations. This is particularly noticeable when a vulnerability changes (eg. when it is fixed), the matcher finds both the pre-patched definition from debian-bullseye-updater (0:0 fixed version) and the patched definition from debian/updater/bullseye (see attached screenshot).

The old style updater will not be GCed as no more update operations are happening to expire the old update operations.

We will probably need a DB migration to delete these legacy update operations (and their subsequent vulns).

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

debian bullseye curl vulns.png
203 kB
2022/09/07 4:09 PM

Activity

People

Assignee:: Unassigned

Reporter:: Joseph Crosland

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2022/09/07 4:06 PM

Updated:: 2023/03/30 8:42 PM

Resolved:: 2023/03/03 7:16 PM