Skip to content

Unnormalized vulnerability IDs

$ wget https://secdb.alpinelinux.org/v3.6/community.json  
$ jq . community.json | grep -B4 -A4 regression
      "pkg": {
        "secfixes": {
          "4.2.1-r7": [
            "CVE-2016-6252",
            "CVE-2017-2616 (+ regression fix)"
          ]
        },
        "name": "shadow"
      }
$ wget https://secdb.alpinelinux.org/v3.6/main.json   
$ jq . main.json | grep -B3 -A4 XSA-204
          "4.7.1-r4": [
            "CVE-2016-10024 XSA-202",
            "CVE-2016-10025 XSA-203",
            "CVE-2016-10013 XSA-204"
          ]
        },
        "name": "xen"
      }
$ curl --silent https://secdb.alpinelinux.org/v3.11/community.json | jq . | grep -B3 -A1 CVE_2019-2426
          "7.211.2.6.17-r0": [
            "CVE-2018-11212",
            "CVE-2019-2422",
            "CVE_2019-2426"
          ],

Is this intentional?

Edited by Teppei Fukuda