From 0e313d19106b032f40181057cdc2fdfb4ce6ee41 Mon Sep 17 00:00:00 2001
From: Stefan Neuhaus <dr.stefan.neuhaus@gmail.com>
Date: Tue, 21 Feb 2017 17:06:02 +0100
Subject: [PATCH] Fix issue

---
 .../dependencycheck/data/update/nvd/NvdCve20Handler.java      | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
index 92f6c2896..96b64de9d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/update/nvd/NvdCve20Handler.java
@@ -272,7 +272,9 @@ public class NvdCve20Handler extends DefaultHandler {
         final String cveName = vuln.getName();
         if (prevVersionVulnMap != null && prevVersionVulnMap.containsKey(cveName)) {
             final List<VulnerableSoftware> vulnSoftware = prevVersionVulnMap.get(cveName);
-            vuln.getVulnerableSoftware().addAll(vulnSoftware);
+            for (VulnerableSoftware vs : vulnSoftware) {
+                vuln.updateVulnerableSoftware(vs);
+            }
         }
         if (cveDB != null) {
             cveDB.updateVulnerability(vuln);