2222984 – Remote resource referenced from datastream is missing https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2

Bug 2222984 - Remote resource referenced from datastream is missing https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2

Summary: Remote resource referenced from datastream is missing https://access.redhat....

Keywords:
Status:	CLOSED DUPLICATE of bug 2223178
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	scap-security-guide
Sub Component:
Version:	9.2
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Watson Yuuma Sato
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:	2222583
Blocks:
TreeView+	depends on / blocked

Reported:	2023-07-14 18:16 UTC by Vaibhav Bhope
Modified:	2023-07-24 09:22 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	.Red Hat CVE feeds have been moved The version 1 of Red Hat CVE feeds at https://access.redhat.com/security/data/oval/ has been sunset and replaced by the version 2 of the CVE feeds located at https://access.redhat.com/security/data/oval/v2/. Consequently, the links in SCAP source data streams provided by the `scap-security-guide` package have been updated to link the new version of the Red Hat CVE feeds.
Clone Of:	2222583
Environment:
Last Closed:	2023-07-24 09:22:42 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-162399	0	None	None	None	2023-07-14 18:17:44 UTC

Description Vaibhav Bhope 2023-07-14 18:16:26 UTC

Description of problem:
When trying to scan with ssg-rhel9-ds profile, the remote resource is not available anymore on Red Hat web site:

~~~
# oscap info /usr/share/xml/scap/ssg/content/ssg-rhel9-ds.xml 2>&1 | grep 'WARNING: Skipping'
WARNING: Skipping 'https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2' file which is referenced from datastream
~~~

# wget https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2
--2023-07-14 23:42:59--  https://access.redhat.com/security/data/oval/com.redhat.rhsa-RHEL9.xml.bz2
Resolving access.redhat.com (access.redhat.com)... 23.54.83.152, 23.54.83.128, 2600:140f:6::172c:a50, ...
Connecting to access.redhat.com (access.redhat.com)|23.54.83.152|:443... connected.
HTTP request sent, awaiting response... 404 Not Found
2023-07-14 23:43:00 ERROR 404: Not Found.


Only V2 version are available in https://access.redhat.com/security/data/oval

Why the old versions have been removed, even if they are not updated anymore, they are needed for previous packages.

Version-Release number of selected component (if applicable):
scap-security-guide-0.1.66-1.el9_1.noarch
RHEL9

How reproducible:
always

Steps to Reproduce:
1. yum install scap-security-guide.noarch
2. run oscap info /usr/share/xml/scap/ssg/content/ssg-rhel8-ds.xml

Actual results:
Profile not updated

Expected results:
Remote ressource available on Red Hat web site

Additional info:

Comment 2 Vojtech Polasek 2023-07-17 13:57:12 UTC

Fixed upstream: https://github.com/ComplianceAsCode/content/pull/10842

Comment 3 Jan Černý 2023-07-24 09:22:42 UTC


*** This bug has been marked as a duplicate of bug 2223178 ***

Note You need to log in before you can comment on or make changes to this bug.