False Positive reported for ELSA-2022-4803

Question

False Positive reported for ELSA-2022-4803

navzen2000 opened this issue 2 years ago · 0 comments

navzen2000 commented 2 years ago

Is this a request for help?:

Is this a BUG REPORT or a FEATURE REQUEST? (choose one):

Version of Anchore Engine and Anchore CLI if applicable:
v1.1.0

What happened:
Reported ELSA-2022-4803 against rsyslog-8.24.0-57.0.1.el7_9.3 which is the fixed version
https://linux.oracle.com/errata/ELSA-2022-4803.html

What did you expect to happen:

Any relevant log output from /var/log/anchore:

What docker images are you using:
v1.1.0

How to reproduce the issue:
Vulnerability ID Package Severity Fix CVE Refs Vulnerability URL Type Feed Group Package Path
ELSA-2022-4803 rsyslog-8.24.0-57.0.1.el7_9.3 High 0:8.24.0-57.0.4.el7_9.3 CVE-2022-24903 https://linux.oracle.com/errata/ELSA-2022-4803.html rpm ol:7 pkgdb

Anything else we need to know: