OVAL package appears to be for EL8

Greetings,
Recently we implemented ALMA 9, and we are finding many false positives when using the OVAL feed for ALMA 9. It appears in many cases that the OVAL feed has a El8 reference. Example CVE-2024-27280:
The host is patched:

rpm -q --changelog ruby
* Tue Apr 30 2024 Jun Aruga <jaruga@redhat.com> - 3.0.7-162
- Upgrade to Ruby 3.0.7.

However in the ALMA 9 OVAL feed the comment appears incorrect.

<criterion
test_ref
="oval:org.almalinux.alsa:tst:20243671001"
comment
="ruby is earlier than 0:3.3.1-2.module_
el8
.10.0+3855+767cb125"/>

However looking at the test definitions they appear correct:
red-def:rpminfo_state id=“oval:org.almalinux.alsa:ste:20226585001” version=“635”>

<red-def:arch operation="pattern match" datatype="string">aarch64|i686|ppc64le|s390x|x86_64</red-def:arch>

<red-def:evr datatype="evr_string" operation="less than">0:3.0.4-160.el9_0</red-def:evr>

</red-def:rpminfo_state>

At this point I am uncertain if the false positive is realated to the OVAL definitions that I am unaware of, or if there is some other issue.

I’ll continue to research and update on any discoveries.
–PD