Commit graph

1 commit

Author SHA1 Message Date
fb2ae7d903 checker: suppress CVE warnings for vendor-backported OpenSSH fixes
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/tag Build is passing
Distributions backport security fixes without bumping the upstream
OpenSSH version, so a banner like "OpenSSH_9.2p1 Debian-2+deb12u3" was
wrongly flagged for regreSSHion despite carrying the fix.

Thread the banner vendor comment into analyseBannerVulns and add a
per-CVE VendorFixes table recording the earliest patched package
revision per distro/upstream version. Revisions are compared with a
faithful port of dpkg's verrevcmp ordering. Populated for CVE-2024-6387
from DSA-5724-1 (Debian) and USN-6859-1 (Ubuntu).
2026-06-18 16:55:19 +09:00