Package: security.debian.org Severity: normal Dear Maintainer,
There is a mistake in the oval file provided here(https://www.debian.org/security/oval/oval-definitions-2014.xml). The entry of 'CVE-2014-8159' has wrong criterion for debian 8(jessie). As pasted below, the 'comment' and the 'state'(oval:org.debian.oval:ste:2342) are both wrong... ------------------------------------------------------------------------------------------------ <criteria comment="Release section" operator="AND"> <criterion comment="Debian 8.2 is installed" test_ref="oval:org.debian.oval:tst:4"/> <criteria comment="Architecture section" operator="OR"> <criteria comment="Architecture independent section" operator="AND"> <criterion comment="all architecture" test_ref="oval:org.debian.oval:tst:2"/> <criterion comment="linux DPKG is earlier than fixes a regression in the xen-netfront driver \ (<a href="https://bugs.debian.org/782698">#782698</a>)" test_ref="oval:org.debian.oval:tst:3635"/> </criteria> </criteria> </criteria> ...... ...... <dpkginfo_state id="oval:org.debian.oval:ste:2342" version="1"> <evr datatype="evr_string" operation="less than"> 0:fixes a regression in the xen-netfront driver (<a href="https://bugs.debian.org/782698">#782698</a>) </evr> </dpkginfo_state> ------------------------------------------------------------------------------------------------

