Norbert, the expected result is not to have zero unpatched CVEs. That's unrealistic and I'm afraid that openscap from github is giving you the wrong results. For instance, as of this writing, CVE-2015-5180 against glibc is unfixed so it should not be reporting zero unpatched CVEs.
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2015-5180 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1658759 Title: oscap with com.ubuntu.xenial.cve.oval.xml wrongly reports many unpatched (and unknown) non-installed packages on Ubuntu Xenial 16.04.1 LTS To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openscap/+bug/1658759/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
