Merge pull request #155 from usiusi360/Fix-CVE-ID-is-truncated-to-4-digits

Fix CVE-ID is truncated to 4 digits

scan/debian.go

@@ -589,7 +589,7 @@ func (o *debian) getCveIDParsingChangelog(changelog string,
 func (o *debian) parseChangelog(changelog string,
 	packName string, versionOrLater string) (cveIDs []string, err error) {
 
-	cveRe, _ := regexp.Compile(`(CVE-\d{4}-\d{4})`)
+	cveRe, _ := regexp.Compile(`(CVE-\d{4}-\d{4,})`)
 	stopRe, _ := regexp.Compile(fmt.Sprintf(`\(%s\)`, regexp.QuoteMeta(versionOrLater)))
 	stopLineFound := false
 	lines := strings.Split(changelog, "\n")

scan/redhat.go

@@ -867,7 +867,7 @@ func (o *redhat) parseYumUpdateinfoHeaderAmazon(line string) (a models.DistroAdv
 }
 
 func (o *redhat) parseYumUpdateinfoLineToGetCveIDs(line string) []string {
-	re, _ := regexp.Compile(`(CVE-\d{4}-\d{4})`)
+	re, _ := regexp.Compile(`(CVE-\d{4}-\d{4,})`)
 	return re.FindAllString(line, -1)
 }