Is there a way that this new version notation for dependency and vulnerability ranges can be made to work for back-ported vulnerability patching like Red Hat and other Linux vendors often do? We get a lot of FPs in SCA tools because they don't recognize back-ported patches.
Say you have a range of vulnerable versions from 3.0 to 5.4, and that a patch fixing the vulnerability in 5.5 is backported to 3.5 and 4.5. I would like to have a simpler way to obtain a new range looking like this: from 3.0 to before 3.5, from 4.0 to before 4.5, from 5.0 to 5.4.
reported by @kwwall in this comment
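The split requested above, worked through as an added example (not part of the issue and not the project's own code). It assumes two-part `major.minor` versions, one release line per major version, and that a back-ported fix protects its own line from that release onwards; the function names and the pipe-separated rendering are hypothetical.

```python
"""Split a vulnerable version interval around back-ported fixes (added example)."""


def parse(v):
    """'3.5' -> (3, 5). Assumes plain major.minor version strings."""
    major, minor = v.split(".")
    return int(major), int(minor)


def split_by_backports(lo, hi, backports):
    """Return [(start, end, end_inclusive)] for the closed interval [lo, hi].

    Assumption: a fix back-ported to X.Y protects X.Y and every later
    release of major line X, and nothing in any other line.
    """
    first, last = parse(lo), parse(hi)
    if first > last:
        raise ValueError("lower bound is above upper bound")
    fixed = {}
    for b in map(parse, backports):
        fixed[b[0]] = min(b, fixed.get(b[0], b))  # earliest fix per line

    ranges = []
    for major in range(first[0], last[0] + 1):
        start = max(first, (major, 0))
        # Without a fix the line is vulnerable to its end, or to hi if last.
        end, inclusive = ((major + 1, 0), False) if major < last[0] else (last, True)
        fix = fixed.get(major)
        if fix is not None and fix <= end:
            if fix <= start:
                continue  # the affected part of this line is already fixed
            end, inclusive = fix, False
        ranges.append((start, end, inclusive))
    return ranges


def _fmt(v):
    return f"{v[0]}.{v[1]}"


def render(ranges):
    """Pipe-separated constraints, e.g. '>=3.0|<3.5' (assumed notation)."""
    return "|".join(
        f">={_fmt(s)}|{'<=' if inc else '<'}{_fmt(e)}" for s, e, inc in ranges
    )


def is_vulnerable(version, ranges):
    """What an SCA tool would check for an installed vendor package version."""
    v = parse(version)
    return any(s <= v and (v <= e if inc else v < e) for s, e, inc in ranges)
```

Release lines that received no backport stay vulnerable to their end, so adjacent ranges can be contiguous; they are left unmerged here.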