Dear QA Group,
I am writing to you as you are mentioned as a maintainer of abiword package.
I did some research about Debian vulnerability data and found an issue.
But information of this CVE in the file of
OVAL data for Buster is different. Definition of that CVE starts from line 33665 in that file. Criterion below tells that
None DPKG is earlier than 2.4.1-1.
My questions are:
1. Should I consider fixed version 2.4.1-1 for abiword?
2. Why OVAL criterion references to "None" object? How should I interpret this?
3. Should I rely on OVAL files?
Hoping for an answer.
--
Andrey Nikonov,
Security engineer,
"Frodex" Ltd.
Ufa, Russia.