Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Data quality issue with CVE-2016-10506 #3002

Open
gunp1a opened this issue Dec 19, 2024 · 4 comments
Open

Data quality issue with CVE-2016-10506 #3002

gunp1a opened this issue Dec 19, 2024 · 4 comments
Labels
data quality Issues with data quality

Comments

@gunp1a
Copy link

gunp1a commented Dec 19, 2024

The CVE ID
CVE-2016-10506

Describe the data quality issue observed
A clear and concise description of what the observed issue with the record is.
The affected versions about CVE-2016-10506 was wrong. The website versions is '2.5.0-2', '2.4.0-5', '2.5.0-1', '2.5.0-2~hurd.1', '2.4.0-6', '2.4.0-4', '2.4.0-3'. But in fact, vulnerabilities have been fixed on these versions. The incorrect vulnerability version can cause difficulties for developers and vendors, but I think the correct vulnerability version should be ['opj0-97', 'version.2.0', 'version.1.5', 'start', 'wg1n6848', 'version.1.3', 'version.2.0.1', 'version.1.2', 'v2.1.2', 'version.2.1', 'version.1.5.2', 'version.1.1', 'v2.1.1', 'version.1.5.1', 'version.1.4'].

Suggested changes to record
Check the version affected by the vulnerability.

Additional context
Patch
Error version
Right version

@gunp1a gunp1a added the data quality Issues with data quality label Dec 19, 2024
Copy link

✨ Thank you for your interest in OSV.dev's data quality! ✨

Please review our FAQ entry on how to most efficiently have this addressed.

@another-rex
Copy link
Contributor

Thanks for reporting this issue! This seems like a Debian issue where they mark this CVE as affecting all the versions that they release: https://security-tracker.debian.org/tracker/CVE-2016-10506

Can you report this to the Debian security team? https://wiki.debian.org/Teams/Security

@another-rex
Copy link
Contributor

It does seem to be marked as unimportant by them as well, which might be why it has not been updated. This unimportant tag is also imported into OSV entries.

@gunp1a
Copy link
Author

gunp1a commented Dec 22, 2024

It does seem to be marked as unimportant by them as well, which might be why it has not been updated. This unimportant tag is also imported into OSV entries.

ok~ Thanks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
data quality Issues with data quality
Projects
None yet
Development

No branches or pull requests

2 participants