Description of problem:
RHEL 8 does not list CVEs when running "yum updateinfo list cves" This used to work in RHEL 7.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. yum updateinfo list cves
CVE-201#-###### Important/Sec. rhel-8-package.arch
I didn't see this as an option upstream but I do see it as an option for Oracles' dnf if that helps.
Here is the PR that fixes the problem: https://github.com/rpm-software-management/dnf/pull/1510
And here is the PR with tests: https://github.com/rpm-software-management/ci-dnf-stack/pull/659
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.