bluez.advisories.yaml

schema-version: 2.0.2

package:
  name: bluez

advisories:
  - id: CGA-3jqj-627p-65xx
    aliases:
      - CVE-2020-24490
    events:
      - timestamp: 2024-01-09T00:55:00Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: bluez-dev
            componentID: 428edca272d462c1
            componentName: bluez-dev
            componentVersion: 5.68-r1
            componentType: apk
            componentLocation: /.PKGINFO
            scanner: grype
      - timestamp: 2024-04-02T10:30:00Z
        type: false-positive-determination
        data:
          type: component-vulnerability-mismatch
          note: The vulnerable code is in the linux kernel, Wolfi doesn't ship a kernel. The Kernel fix for this CVE can be found here https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e