[matio] How to fix/remove 2021-440?
tbeu opened this issue
tbeu commented
CVE-2020-36428 = OSV-2021-440 = https://oss-fuzz.com/testcase-detail/5668218489536512 is considered invalid. How can both CVE and OSV be marked as fixed?
Oliver Chang commented
It's not fixed according to the OSV. https://osv.dev/vulnerability/OSV-2021-440 has an "introduced" event only, and no "fixed" event.
We also don't generate the CVE -- someone else is taking our entries and generating them.
tbeu commented
Yes, I know, it is not marked as fixed in the yaml file. But I thought it is considered a false-positive issue and wondered how to deal with it.
Oliver Chang commented
Ah, I misunderstood your question. After your PR, https://osv.dev/vulnerability/OSV-2021-440 is marked as fixed, thanks!
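The check described in the thread (a record with an "introduced" event and no "fixed" event is still open), as an added example that is not part of the original thread and not OSV's own code. The records are constructed, the ids and commit values are placeholders, and the code assumes events are listed in chronological order.

```python
import json

# Constructed OSV-style records; ids and commit values are placeholders,
# not the real contents of OSV-2021-440.
OPEN_RECORD = json.loads("""{
  "id": "OSV-EXAMPLE-1",
  "affected": [{"package": {"ecosystem": "OSS-Fuzz", "name": "example"},
    "ranges": [{"type": "GIT", "repo": "https://example.invalid/repo.git",
      "events": [{"introduced": "PLACEHOLDER_COMMIT_A"}]}]}]
}""")

FIXED_RECORD = json.loads("""{
  "id": "OSV-EXAMPLE-2",
  "affected": [{"package": {"ecosystem": "OSS-Fuzz", "name": "example"},
    "ranges": [{"type": "GIT", "repo": "https://example.invalid/repo.git",
      "events": [{"introduced": "PLACEHOLDER_COMMIT_A"},
                 {"fixed": "PLACEHOLDER_COMMIT_B"}]}]}]
}""")


def range_status(events):
    """Classify one range. Assumes events are listed in chronological order."""
    state = "empty"                  # no "introduced" event seen yet
    for event in events:
        if "introduced" in event:
            state = "open"           # vulnerable from this point on
        elif "fixed" in event and state == "open":
            state = "fixed"          # closed by a later fix
    return state


def record_status(record):
    """Return (overall, per_range); overall is 'fixed' only if no range is open."""
    per_range = []
    for affected in record.get("affected", []):
        name = affected.get("package", {}).get("name", "?")
        for rng in affected.get("ranges", []):
            per_range.append((name, rng.get("type"), range_status(rng.get("events", []))))
    statuses = {s for _, _, s in per_range}
    if "open" in statuses:
        overall = "open"
    elif statuses == {"fixed"}:
        overall = "fixed"
    else:
        overall = "unknown"          # no ranges, or ranges without events
    return overall, per_range


if __name__ == "__main__":
    for rec in (OPEN_RECORD, FIXED_RECORD):
        print(rec["id"], record_status(rec))
```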