Package: security.debian.org
Severity: normal

Dear Maintainer,

There is a mistake in the oval file provided 
here(https://www.debian.org/security/oval/oval-definitions-2014.xml).
The entry of 'CVE-2014-8159' has wrong criterion for debian 8(jessie).
As pasted below, the 'comment' and the 'state'(oval:org.debian.oval:ste:2342) 
are both wrong...

------------------------------------------------------------------------------------------------
<criteria comment="Release section" operator="AND">
    <criterion comment="Debian 8.2 is installed" 
test_ref="oval:org.debian.oval:tst:4"/>
    <criteria comment="Architecture section" operator="OR">
        <criteria comment="Architecture independent section" operator="AND">
            <criterion comment="all architecture" 
test_ref="oval:org.debian.oval:tst:2"/>
            <criterion comment="linux DPKG is earlier than fixes a regression 
in the xen-netfront driver \
                                (<a 
href="https://bugs.debian.org/782698";>#782698</a>)"  
test_ref="oval:org.debian.oval:tst:3635"/>
        </criteria>
    </criteria>
</criteria>
......
......
<dpkginfo_state id="oval:org.debian.oval:ste:2342" version="1">
    <evr datatype="evr_string" operation="less than">
        0:fixes a regression in the xen-netfront driver (<a 
href="https://bugs.debian.org/782698";>#782698</a>)
    </evr>
</dpkginfo_state>
------------------------------------------------------------------------------------------------





Reply via email to