@@ -529,26 +529,31 @@ The `remediations` object provides additional information about the previously i
529529remediations status are available per ` product_status ` category:
530530
531531* ` fixed `
532+
532533 * ` vendor_fix ` : For all the product IDs with a fixed product status there will be a corresponding entry
533534 in the remediations object that correlates each full product ID to the correct RHSAs. The RHSA can be determined by
534535 the ` url ` field.
535- * Details: ` Fixed `
536- * URL : Link to the RHSA
536+ * ` details ` : Advisory specific information
537+ * ` url ` : Link to the RHSA
537538 * ` workaround ` : If a mitigation exists, it applies to all components regardless of their fix state.
538- * Details: ` Mitigation `
539+ * ` details ` : The mitigation statement
540+
539541* ` known_affected `
542+
540543 * ` no_fix_planned ` : Will include any product IDs with the known affected product status that will not be fixed by Red
541544 Hat, either because it is out of support scope or the engineering team has decided not to fix it for other reasons.
542- * Details: ` Will not fix ` or ` Out of support scope `
545+ * ` details ` : " Will not fix" or " Out of support scope"
543546 * ` none_available ` : Will include any product IDs with the known affected product status that are either still reported
544- affected, meaning a fix is likely in progress, or deferred, which may be fixed at a future date.
545- * Details: ` Affected ` or ` Deferred `
547+ affected, meaning a fix is likely in progress, or deferred, which may be fixed at a future date.
548+ * ` details ` : " Affected" or " Deferred"
546549 * ` workaround ` : If a mitigation exists, it applies to all components regardless of their fix state.
547- * Details: ` Mitigation `
550+ * ` details ` : The mitigation statement
551+
548552* ` known_not_affected ` : There are no remediation objects for the known not affected status since it is implicitly
549- assumed that there are no remediations needed if the product and component are not affected.
553+ assumed that no remediation is needed if the product and component are not affected.
554+
550555* ` under_investigation ` : There are no remediation objects for the under investigation status since it is implicitly
551- assumed that no remediations exist since we are still investigating the vulnerability .
556+ assumed that no remediation exist while still under investigation .
552557
553558Note: As with the ` product_status ` object, there may not be a ` remediations ` entry for every category. Additionally,
554559in VEX files, there may be more than one ` vendor_fix ` object if more than one RHSA released fixes for the CVE. In the
0 commit comments