rpm-to-cve.xml file

Posted on

I am wondering what is the purpose of rpm-to-cve.xml?
If I see RHBA-2018:2652, it updated multiple rpm's and for each rpm same CVE as fix given.

RHBA-2018:2652
noarch
CVE-2018-14632
However CVE-20180-14632 addresses container related issues not related to rubygem-rest-client.
Question: Why is CVE is added to all rpm's of release though rpm's are not impacted by particular CVE.