Draft: Display not-affected issues as such (rather than fixed) (CVE view) (!233) · Merge requests · Debian Security Tracker / security-tracker

Sylvain Beucler requested to merge beuc/security-tracker:issue41-fixed-vs-not-affected into master Jul 11, 2025

This is going to conflict with #32/!221 and #25/!223 but let's push this to start experimenting/discussing.

I didn't try to complexify the base query, or expand the 'vulnerable' field, this would be more intrusive I think.
However the 'fixed_version=0' is clashing with !221.

CVE view: Package view (open): Package view (unimportant):

The current CVE view relies on table 'package_source_status' which contains a pre-computed 'vulnerable' field, which does not handle the not-affected case clearly.

This consolidate this data with a simple query for vulnerable releases.

Closes: #38
Closes: #41

Edited Jul 12, 2025 by Sylvain Beucler

Draft: Display not-affected issues as such (rather than fixed) (CVE view)

Merge request reports