Hi

> If they weren't actually tested I think it would make sense to revert them to
> avoid getting auto-generated CVEs until they're in more or less good shape at
> least.

I've just opened https://github.com/google/oss-fuzz/pull/7401 to weed out some
false positives.
Given that they are "security" issues and bash scripts generating CVEs rely on
that label, I hope they will be closed as "invalid" or "wontfix". The issues
found by fuzz-elf-get-sections (which was renamed to fuzz-libelf apparently)
were closed as "Verified" though, so I'm not sure how it works exactly.

Thanks,
Evgeny Vereshchagin
