Comment 11 for bug 1658759

With ocsap from github CVE-2015-5180 is marked Unknown.
The full statistics is:
  Non-Compliant/Vulnerable/Unpatched = 0,
  Compliant/Non-Vulnerable/Patched = 1988,
  Error = 0,
  Unknown = 6389,
  Other = 1.

With oscap from official repository:
  Non-Compliant/Vulnerable/Unpatched = 354 (11 high, 229 medium, 102 low, 12 negligible),
  Compliant/Non-Vulnerable/Patched = 6829,
  Error = 0,
  Unknown = 1194,
  Other = 1.
Here some CVEs contain references to Android, Qualcomm, aarch64, PuTTY (and WinSCP), but I do not understand this (I'm using amd64 laptop).
I have Wireshark installed, oscap reports CVEs in it. I removed it. Unpatched decreased to 264, Patched increased to 6919. So wireshark has 90 unpatched CVEs. But openscap from github does not change values.

I'll use oscap from official package libopenscap8.

As answer to your comment 10 I can say that CVEs 2012-2150, 2017-8386, 2014-8111 (https://lists.ubuntu.com/archives/ubuntu-hardened/2017-July/000940.html) are marked fixed in my results. I read this conversation and understood it.

So It seems that you are right.
Thank you, Tyler!
This bug is fixed.