Bug 2028428 - Update source of CVE data in data stream
Summary: Update source of CVE data in data stream
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: scap-security-guide
Version: 8.5
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Vojtech Polasek
QA Contact: Milan Lysonek
Mirek Jahoda
Depends On:
Blocks: 2028432 2028435
TreeView+ depends on / blocked
Reported: 2021-12-02 11:46 UTC by Matus Marhefka
Modified: 2023-02-16 16:43 UTC (History)
9 users (show)

Fixed In Version: scap-security-guide-0.1.60-1.el8
Doc Type: Known Issue
Doc Text:
.CVE OVAL feeds are now only in the compressed format, and data streams are not in the SCAP 1.3 standard Red Hat provides CVE OVAL feeds in the bzip2-compressed format and are no longer available in the XML file format. Because referencing compressed content is not standardized in the Security Content Automation Protocol (SCAP) 1.3 specification, third-party SCAP scanners can have problems scanning rules that use the feed.
Clone Of:
: 2028432 2028435 (view as bug list)
Last Closed: 2022-05-10 14:15:29 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-104545 0 None None None 2021-12-02 11:51:25 UTC
Red Hat Product Errata RHBA-2022:1900 0 None None None 2022-05-10 14:15:52 UTC

Comment 5 Evgeny Kolesnikov 2022-02-02 10:10:59 UTC
The scapval utility is not happy with xml.bz2 extension and it does not understand its contents, but we don't really care.

Comment 12 errata-xmlrpc 2022-05-10 14:15:29 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (scap-security-guide bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.