I know Clair flags vulnerabilities by package version comparison. I scanned one image which has the *util-linux 2.20.1-5.1ubuntu20.90* package version, and I know this package has the CVE-2017-2616 vulnerability. But when we scan using Clair Scanner, it is not flagged by it. Also, it flags the CVE-20140-8991 vulnerability in the image that has the Ubuntu 14.04 OS, whereas in the Ubuntu CVE tracker this vulnerability doesn't have any link with Ubuntu 14.04. Can anyone please explain what's going on here? Are we getting false positives and false negatives?
Thanks
