False Positive: CVE-2005-2945, CVE-2005-2992

[sekveaja]

What happened:
Issue with  "package_cpe23": "cpe:2.3:a:quarkus:arc:2.7.6.Final-nordix-1:::::::*",

But Grype reported to version 5.21j  which is not the same package
 cpe:2.3:a:arc:arc:::::::: 

quarkus:arc is not arc:arc

Environment:
Anchore Grype version: 0.56.0

OS type running in the current environment i.e. (cat /etc/os-release)

cat /etc/os-release
NAME="SLES"
VERSION="15-SP3"
VERSION_ID="15.3"
PRETTY_NAME="SUSE Linux Enterprise Server 15 SP3"
ID="sles"
ID_LIKE="suse"
ANSI_COLOR="0;32"
CPE_NAME="cpe:/o:suse:sles:15:sp3"
DOCUMENTATION_URL="https://documentation.suse.com/"

[kzantow]

Hi, and apologies for the delay. We're going over old issues and wanted to see:

1. is this still an issue with the latest version of Grype?
2. are there steps you could provide to reproduce this?

Thanks!

[sekveaja]

We update our product from SLES 15 SP3 with SLES 15 SP5, at the same time Grype has evolved also.
The reported CVE is no longer shown.
You can closed this ticket.
Thank you