alpine-secdb issueshttps://gitlab.alpinelinux.org/alpine/infra/alpine-secdb/-/issues2021-02-28T14:42:50Zhttps://gitlab.alpinelinux.org/alpine/infra/alpine-secdb/-/issues/3License on the secdb data2021-02-28T14:42:50ZLiubov GrinkevichLicense on the secdb dataHello! I've found your service with list vulnerabilities at https://secdb.alpinelinux.org/ is highly useful. Thank you for setting it public.
However, I'm wondering about using it in a commercial product because I'm not sure in license t...Hello! I've found your service with list vulnerabilities at https://secdb.alpinelinux.org/ is highly useful. Thank you for setting it public.
However, I'm wondering about using it in a commercial product because I'm not sure in license terms for the data of this service. I would like kindly ask your confirmation if we can use the feed data in our commercial product. If there are any license or any other terms that we need to comply with please do share it with us.https://gitlab.alpinelinux.org/alpine/infra/alpine-secdb/-/issues/2Add support for 'unaffected', a ghost version for CVEs which are we are not a...2020-09-11T09:27:46ZLeoAdd support for 'unaffected', a ghost version for CVEs which are we are not affected by.cifs-utils 6.11 has a CVE that requires --with-systemd, this is just the catalyst case, but it would be nice if we had a field called unaffected for CVEs we are not affected by.
Example:
```yaml
# secfixes:
# 1.0.0-r0:
# - CVE-202...cifs-utils 6.11 has a CVE that requires --with-systemd, this is just the catalyst case, but it would be nice if we had a field called unaffected for CVEs we are not affected by.
Example:
```yaml
# secfixes:
# 1.0.0-r0:
# - CVE-2020-1000
# unaffected:
# - CVE-2020-1001 (needs --with-systemd)
```https://gitlab.alpinelinux.org/alpine/infra/alpine-secdb/-/issues/1Mention vulnerability ID for heimdal 7.4.0-r0 in v3.6/main.yaml2020-05-24T06:56:04ZShivam SandbhorMention vulnerability ID for heimdal 7.4.0-r0 in v3.6/main.yamlhttps://gitlab.alpinelinux.org/alpine/infra/alpine-secdb/-/blob/master/v3.6/main.yaml#L430
This was found at our project https://github.com/nexB/vulnerablecode which consumes this data(we eventually aim to introduce community curation of...https://gitlab.alpinelinux.org/alpine/infra/alpine-secdb/-/blob/master/v3.6/main.yaml#L430
This was found at our project https://github.com/nexB/vulnerablecode which consumes this data(we eventually aim to introduce community curation of security related data and make it more accessible)
As you can see heimdal's `7.4.0-r0` entry has no vulnerability Id mentioned. Is this normal? If not please correct it.