by paolomainardi 1082 days ago
This is a very interesting point. The vulnerability scan tool used in the article is this one: https://github.com/anchore/grype-db/blob/main/DEVELOPING.md and here you can see how it works: https://anchore.com/blog/build-your-own-grype-database

As you can see, there is a database specifically designed for Debian to take care of the naming convention.
1 comments

Thanks: it's not trivially clear how I could try it out to check if it works well: it seems to use the Debian security tracker to note which CVEs have been fixed, so the version numbering scheme should not come into play.

I'll try to find some time later to play with it in depth as it seems to be an interesting set of tools!