Comment 20 for bug 1911791

Eduardo Barretto (ebarretto) wrote :

Hey Brian,

I ran the following test on Xenial, Bionic, Focal and Groovy with archive openscap and openscap from -proposed and compared the results:
$ wget https://people.canonical.com/~ubuntu-security/oval/com.ubuntu.$(lsb_release -cs).cve.oval.xml.bz2
$ bunzip2 com.ubuntu.$(lsb_release -cs).cve.oval.xml.bz2
$ oscap oval eval --report report.htm com.ubuntu.$(lsb_release -cs).cve.oval.xml

For Xenial the results are the same with both versions of openscap, which means the changes didn't introduce a regression so far. The same is true for Focal.

For Bionic the results differ:
 - With the archive openscap I get 607 vulnerabilities still needing a fix, while the -proposed version returns 606 vulnerabilities still needing a fix. The difference is CVE-2017-9763 and I could check that this is a false positive with archive openscap, which means that the -proposed version fixed it.

For Groovy the results also differ:
 - With archive openscap I get 220 vulnerabilities still needing a fix, while the -proposed version returns 211 vulnerabilities still needing a fix. The differences are:
         CVE-2020-14803
         CVE-2020-14798
         CVE-2020-14797
         CVE-2020-14796
         CVE-2020-14792
         CVE-2020-14782
         CVE-2020-14781
         CVE-2020-14779
         CVE-2019-18348
   And I could check that those were all false positives with archive openscap, which means that the -proposed version fixed them.

Hope this helps, let me know in case of doubts.
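
Added example, not part of the comment above: one way to diff two such runs mechanically instead of comparing the HTML reports by eye. It assumes each run was also saved as OVAL results XML (for instance with oscap's `--results` option, which the comment did not use), and the CVE ids and definition ids in the sample data are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {
    "res": "http://oval.mitre.org/XMLSchema/oval-results-5",
    "def": "http://oval.mitre.org/XMLSchema/oval-definitions-5",
}

def flagged_cves(results_xml):
    """Return the CVE ids whose OVAL definition evaluated to result="true"."""
    root = ET.fromstring(results_xml)
    # Map definition id -> CVE id using the definitions embedded in the results file.
    cve_by_def = {}
    for d in root.iterfind(".//def:definitions/def:definition", NS):
        ref = d.find("def:metadata/def:reference[@source='CVE']", NS)
        # Fall back to the definition id when no CVE reference is present.
        cve_by_def[d.get("id")] = ref.get("ref_id") if ref is not None else d.get("id")
    flagged = set()
    for r in root.iterfind(".//res:results/res:system/res:definitions/res:definition", NS):
        if r.get("result") == "true":
            def_id = r.get("definition_id")
            flagged.add(cve_by_def.get(def_id, def_id))
    return flagged

def compare_runs(archive_xml, proposed_xml):
    """Set-diff the flagged CVEs of two scanner builds run on the same host."""
    a, p = flagged_cves(archive_xml), flagged_cves(proposed_xml)
    return {"only_archive": sorted(a - p), "only_proposed": sorted(p - a)}

def _sample(results):
    """Build a minimal, constructed OVAL results document from {cve: result}."""
    defs = res = ""
    for i, (cve, result) in enumerate(results.items(), 1):
        oid = f"oval:example:def:{i}"  # constructed definition id
        defs += (f'<definition id="{oid}" class="vulnerability" version="1"><metadata>'
                 f'<reference source="CVE" ref_id="{cve}"/></metadata></definition>')
        res += f'<definition definition_id="{oid}" result="{result}" version="1"/>'
    return (f'<oval_results xmlns="{NS["res"]}"><oval_definitions xmlns="{NS["def"]}">'
            f'<definitions>{defs}</definitions></oval_definitions>'
            f'<results><system><definitions>{res}</definitions></system></results>'
            f'</oval_results>')

# Constructed sample data: placeholder CVE ids, not real scan output.
ARCHIVE = _sample({"CVE-0000-0001": "true", "CVE-0000-0002": "true", "CVE-0000-0003": "false"})
PROPOSED = _sample({"CVE-0000-0001": "true", "CVE-0000-0002": "false", "CVE-0000-0003": "false"})

if __name__ == "__main__":
    print(compare_runs(ARCHIVE, PROPOSED))
```

Entries under `only_archive` are candidate false positives fixed by the newer build; anything under `only_proposed` would be a candidate regression, and each still needs checking against the installed package versions.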