Code review comment for ~evancaville/ubuntu-cve-tracker:oval/fix-kernel-pkg-ids
Revision history for this message
| Eduardo Barretto (ebarretto) wrote | # |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
Just some brain dump here on my investigation:
The oval file from Feb 5th, had id 22040000107620 in the CVE tag for CVE-2024-0641, but that id didn't point to anything else in that OVAL file.
That CVE was touched on February 7th, changing the status from `pending (<version>)` to `released (<version>)`. I tried to generate an oval with the status back to `pending (<version>)` but still could not reproduce the issue.
On February 7th, David realized that because of all the infrastructure issues we had the days before, OVAL generation had been stuck for 2 days.
Therefore I think this issue might be a one-off error during generation caused by many different issues that might have happened at the same time. Probably a combination of cache + uct + server that led to this issue.
I will move the status of this PR to Work in Progress as we try to reproduce this in some way.