CVE-2018-20969 is not marked as fixed and continues to flag on scanning
The following CVE is being reported by our security scanning on v 2.7.6-r6.
Name: CVE-2018-20969
CVSS Score v2: 9.3
Severity: high
Description: do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.
Impacted Image File(s): patch
It appears this critical CVE was addressed under CVE-2019-13638, which has an update to do_ed_script to block strings with a leading “!”, but the CVE has not been added to the APKBUILD file.
The following thread from aquasecurity notes that the original CVE was not added to the APKBUILD and therefore continues to flag in Aqua scanning: https://github.com/aquasecurity/trivy/issues/474
Is it possible to have CVE-2018-20969 added to the APK log as fixed?
Thanks
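
The gap described in this report can be checked mechanically. The following is an added example, not code from the Alpine project or from the report: it parses the `# secfixes:` comment block of an APKBUILD and lists CVE ids that share a fixing commit with a recorded id but are not recorded themselves. The APKBUILD excerpt and the version `9.9.9-r1` are constructed placeholders, the function names are hypothetical, and the usual `# secfixes:` comment layout of Alpine APKBUILD files is assumed.

```python
import re

# Constructed excerpt, NOT the real patch APKBUILD; 9.9.9-r1 is a placeholder version.
SAMPLE_APKBUILD = """\
pkgname=patch
pkgver=9.9.9
pkgrel=1

# secfixes:
#   9.9.9-r1:
#     - CVE-2019-13638

options="!check"
"""

VERSION_RE = re.compile(r"^#\s+(\S+):\s*$")   # "#   9.9.9-r1:"
ITEM_RE = re.compile(r"^#\s+-\s+(.+?)\s*$")   # "#     - CVE-2019-13638"

def parse_secfixes(apkbuild_text):
    """Return {package version: [ids]} from the '# secfixes:' comment block."""
    fixes, version, in_block = {}, None, False
    for line in apkbuild_text.splitlines():
        if not in_block:
            in_block = line.strip() == "# secfixes:"
            continue
        if not line.startswith("#"):
            break                      # block ends at the first non-comment line
        m = VERSION_RE.match(line)
        if m:
            version = m.group(1)
            fixes[version] = []
            continue
        m = ITEM_RE.match(line)
        if m and version is not None:
            fixes[version].extend(m.group(1).split())
    return fixes

def versions_fixing(fixes, cve):
    """Versions whose secfixes entry lists the given id."""
    return [v for v, ids in fixes.items() if cve in ids]

def missing_aliases(fixes, same_commit):
    """Ids fixed by the same commit as a recorded id but absent from secfixes."""
    recorded = {c: versions_fixing(fixes, c) for c in same_commit}
    known = sorted({v for vs in recorded.values() for v in vs})
    return [(c, known) for c in same_commit if known and not recorded[c]]

if __name__ == "__main__":
    ids = ["CVE-2019-13638", "CVE-2018-20969"]   # same commit, per the description
    print(missing_aliases(parse_secfixes(SAMPLE_APKBUILD), ids))
```

A scanner that matches on CVE ids in the distribution's security data will keep reporting any id this check returns, even though the fixing commit is already in the package.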