main/wpa_supplicant: CVE-2017-13077 reported to be fixed twice in secfixes comment
From IRC:
- Overloaded CVEs on the same package for different fixed versions - For example, package "wpa_supplicant" in https://secdb.alpinelinux.org/v3.11/main.json has CVE-2017-13077 both under secfix 2.7-r0 and under secfix 2.6-r7.
This was introduced with 5d9b6ee3. I think we backported the secfixes in 2.6-r7.
We should check the other branches and clean this up.
May also be good to have some tooling to prevent this from happening?
@Leo do you think the apkbuild-linter can look for duplicate CVEs in secfixes comment?
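
A sketch of the kind of check asked about above, added here as an example; it is not code from apkbuild-lint or from aports. It parses the `# secfixes:` comment of an APKBUILD and reports any identifier listed under more than one version. The sample APKBUILD text is constructed, `CVE-0000-0001` is a placeholder, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample reproducing the duplicate from this issue.
# CVE-0000-0001 is a placeholder, not a real identifier.
SAMPLE_APKBUILD = """\
pkgname=wpa_supplicant
# secfixes:
#   2.7-r0:
#     - CVE-2017-13077
#     - CVE-0000-0001
#   2.6-r7:
#     - CVE-2017-13077
pkgver=2.7
"""

VERSION_RE = re.compile(r"^#\s{2,}(\S+):\s*$")   # "#   2.7-r0:"
ITEM_RE = re.compile(r"^#\s+-\s+(\S+)")          # "#     - CVE-..."

def parse_secfixes(text):
    """Return {version: [identifiers]} from the '# secfixes:' comment block."""
    fixes, current, in_block = {}, None, False
    for line in text.splitlines():
        if not in_block:
            in_block = line.strip() == "# secfixes:"
            continue
        if not line.startswith("#"):
            break  # the block ends at the first non-comment line
        m = VERSION_RE.match(line)
        if m:
            current = m.group(1)
            fixes.setdefault(current, [])
        elif (m := ITEM_RE.match(line)) and current:
            fixes[current].append(m.group(1))
    return fixes

def find_duplicates(fixes):
    """Return {identifier: [versions]} for identifiers listed more than once."""
    seen = defaultdict(list)
    for version, idents in fixes.items():
        for ident in idents:
            seen[ident].append(version)
    return {i: v for i, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for ident, versions in find_duplicates(parse_secfixes(SAMPLE_APKBUILD)).items():
        print(f"{ident} listed under multiple versions: {', '.join(versions)}")
```

The same `find_duplicates` pass also catches an identifier repeated within a single version entry, since each occurrence is recorded separately.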