From 981631503af7f5bfa083b9c526efa64e150d7dad Mon Sep 17 00:00:00 2001
From: James Sulinski
Date: Thu, 9 Feb 2017 21:21:45 -0800
Subject: [PATCH] Add leniancy to the version matching for debian to account for versions without the "+" when package maintainers aren't using them.

---
 scan/debian.go | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/scan/debian.go b/scan/debian.go
index 77b3d6c7..924cf209 100644
--- a/scan/debian.go
+++ b/scan/debian.go
@@ -592,19 +592,28 @@ func (o *debian) parseChangelog(changelog string,
 cveRe := regexp.MustCompile(`(CVE-\d{4}-\d{4,})`)
 stopRe := regexp.MustCompile(fmt.Sprintf(`\(%s\)`, regexp.QuoteMeta(versionOrLater)))
 stopLineFound := false
+leniantStopLineFound := false
+versionOrLaterLeniant := versionOrLater
+if i := strings.IndexRune(versionOrLaterLeniant, '+'); i >= 0 {
+versionOrLaterLeniant = versionOrLaterLeniant[:i]
+}
+leniantRe := regexp.MustCompile(fmt.Sprintf(`\(%s\)`, regexp.QuoteMeta(versionOrLaterLeniant)))
 lines := strings.Split(changelog, "\n")
 for _, line := range lines {
 if matche := stopRe.MatchString(line); matche {
 // o.log.Debugf("Found the stop line: %s", line)
 stopLineFound = true
 break
+} else if matchel := leniantRe.MatchString(line); matchel {
+leniantStopLineFound = true
+break
 } else if matches := cveRe.FindAllString(line, -1); 0 < len(matches) {
 for _, m := range matches {
 cveIDs = util.AppendIfMissing(cveIDs, m)
 }
 }
 }
-if !stopLineFound {
+if !stopLineFound && !leniantStopLineFound {
 return []string{}, fmt.Errorf(
 "Failed to scan CVE IDs. The version is not in changelog. name: %s, version: %s",
 packName,
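Review bot: `leniantStopLineFound` duplicates `stopLineFound` — both branches only break the loop and feed the same not-found check — so the second flag and the `else if matchel` branch can go by folding the stripped version into the one stop regex, an alternation of the form `\((%s|%s)\)` built with `fmt.Sprintf` from `regexp.QuoteMeta(versionOrLater)` and `regexp.QuoteMeta(versionOrLaterLeniant)`, which also leaves the `if !stopLineFound {` line untouched. The truncation at `+` needs a why-comment, e.g. `// Changelog entries may omit the "+suffix" (e.g. "+dfsg", "+deb8u1") that dpkg reports; also accept the version with that suffix stripped as the stop line.`, and the identifier spelling is "lenient". Since the version with its `+` part removed sorts before the full version under Debian ordering, the lenient pattern should only ever match an equal-or-older entry, so a mistaken lenient stop would over-report CVEs rather than hide them — worth stating in that comment once confirmed against the changelog layout. parseChangelog begins and ends outside this hunk.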