Package: security.debian.org

Currently the oval generator is hard coded to set jessie to correspond to version 8.2.

This causes the following test for Jessie:

    <textfilecontent_state id="oval:org.debian.oval:ste:3" version="1">
      <line operation="equals">8.2</line>
    </textfilecontent_state>

On the following object:

    <textfilecontent_object id="oval:org.debian.oval:obj:1" version="1">
      <path>/etc</path>
      <filename>debian_version</filename>
      <line operation="pattern match">\d\.\d</line>
    </textfilecontent_object>

Therefore any Jessie system that is not running the 8.2 point release will cause the test to result as not applicable when it actually does apply.

The likely fix here is to change the pattern match on the obj:1 test to be ^\d to only grab the first digit (later can be modified to grab all the digits before the first dot).

This issue is not just found in the Jessie Oval tests because we hard code all the versions with the DEBIAN_VERSIONS variable in generate.py. This means we will need to change those to just correspond to the Debian release and not the point release. This may create another issue where sarge and woody both have the major version of "3". Not sure if we even care about oval defs for sarge/woody though...

-- 
Nicholas Luedtke
HPE Linux Security, Hewlett-Packard Enterprise
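The behaviour described in the report, as an added Python example that is not part of the original message or of generate.py: it models the test the way the report describes it (the object's pattern extracts text from /etc/debian_version and the state compares it with "equals"), which is a simplification of a real OVAL interpreter. The sample file contents, the "10.1" version string and the function names are constructed for illustration.

```python
import re

# Constructed sample contents of /etc/debian_version (not taken from the report).
SAMPLES = {
    "jessie 8.0": "8.0\n",
    "jessie 8.2": "8.2\n",
    "jessie 8.3": "8.3\n",
    "woody 3.0": "3.0\n",
    "sarge 3.1": "3.1\n",
    "constructed 10.1": "10.1\n",  # hypothetical two-digit major version
}


def evaluate(file_text, object_pattern, state_value):
    """Simplified model of the test as the report describes it.

    The object's pattern extracts text from the file; the state then compares
    that text with 'equals'. True means the definition is treated as
    applicable, False means 'not applicable'.
    """
    match = re.search(object_pattern, file_text, re.MULTILINE)
    return match is not None and match.group(0) == state_value


def applicable_releases(object_pattern, state_value):
    """Names of the sample systems on which the test evaluates to true."""
    return sorted(
        name
        for name, text in SAMPLES.items()
        if evaluate(text, object_pattern, state_value)
    )


if __name__ == "__main__":
    # Current generator output: only the 8.2 point release is matched.
    print("current  :", applicable_releases(r"\d\.\d", "8.2"))
    # Proposed fix: match on the first digit only, state holds the major version.
    print("proposed :", applicable_releases(r"^\d", "8"))
    # Side effect noted in the report: woody and sarge share major version 3.
    print("major 3  :", applicable_releases(r"^\d", "3"))
    # Why "all the digits before the first dot" matters for two-digit majors.
    print("^\\d  = 1 :", applicable_releases(r"^\d", "1"))
    print("^\\d+ = 10:", applicable_releases(r"^\d+", "10"))
```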