Skip to content

Commit

Permalink
Automatic vulnerability report update
Browse files Browse the repository at this point in the history
  • Loading branch information
@henrirosten @github-actions
henrirosten authored and github-actions[bot] committed Jan 11, 2024
1 parent 8709396 commit 2268aff
Show file tree
Hide file tree
Showing 7 changed files with 240 additions and 237 deletions.
41 changes: 17 additions & 24 deletions reports/ghaf-23.06/data.csv
View file

Large diffs are not rendered by default.

53 changes: 27 additions & 26 deletions reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md
View file

Large diffs are not rendered by default.

28 changes: 12 additions & 16 deletions reports/ghaf-23.09/data.csv
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
"target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-j7hp-h8jx-5ppr","https://osv.dev/GHSA-j7hp-h8jx-5ppr","electron","","25.7.0","28.1.1","28.1.2","electron","2024A1704672000","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-7m48-wc93-9g85","https://osv.dev/GHSA-7m48-wc93-9g85","electron","","25.7.0","28.1.1","28.1.2","electron","2023A1701907200","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-qqvq-6xgj-jw8g","https://osv.dev/GHSA-qqvq-6xgj-jw8g","electron","","25.7.0","28.1.1","28.1.2","electron","2023A1696464000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/268612"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-j7hp-h8jx-5ppr","https://osv.dev/GHSA-j7hp-h8jx-5ppr","electron","","25.7.0","28.1.1","28.1.3","electron","2024A1704672000","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-7m48-wc93-9g85","https://osv.dev/GHSA-7m48-wc93-9g85","electron","","25.7.0","28.1.1","28.1.3","electron","2023A1701907200","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-qqvq-6xgj-jw8g","https://osv.dev/GHSA-qqvq-6xgj-jw8g","electron","","25.7.0","28.1.1","28.1.3","electron","2023A1696464000","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/268612"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.2","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology",""
Expand Down Expand Up @@ -70,10 +70,8 @@ https://github.com/NixOS/nixpkgs/pull/271223"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.1.0016","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532
https://github.com/NixOS/nixpkgs/pull/271373
https://github.com/NixOS/nixpkgs/pull/276595"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886
https://github.com/NixOS/nixpkgs/pull/279453"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886
https://github.com/NixOS/nixpkgs/pull/279453"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722
https://github.com/NixOS/nixpkgs/pull/263083"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.3","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/274550
Expand Down Expand Up @@ -110,7 +108,7 @@ https://github.com/NixOS/nixpkgs/pull/262022
https://github.com/NixOS/nixpkgs/pull/262738
https://github.com/NixOS/nixpkgs/pull/263279
https://github.com/NixOS/nixpkgs/pull/278073"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44402","https://nvd.nist.gov/vuln/detail/CVE-2023-44402","electron","7.0","25.7.0","28.1.1","28.1.2","electron","2023A0000044402","False","","fix_update_to_version_nixpkgs",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-44402","https://nvd.nist.gov/vuln/detail/CVE-2023-44402","electron","7.0","25.7.0","28.1.1","28.1.3","electron","2023A0000044402","False","","fix_update_to_version_nixpkgs",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-43887","https://nvd.nist.gov/vuln/detail/CVE-2023-43887","libde265","8.1","1.0.12","1.0.14","1.0.15","libde265","2023A0000043887","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268884
https://github.com/NixOS/nixpkgs/pull/269131
https://github.com/NixOS/nixpkgs/pull/271642
Expand Down Expand Up @@ -229,6 +227,7 @@ https://github.com/NixOS/nixpkgs/pull/276559"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-7104","https://nvd.nist.gov/vuln/detail/CVE-2023-7104","sqlite","7.3","3.41.2","3.43.2","3.44.2","sqlite","2023A0000007104","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/260352
https://github.com/NixOS/nixpkgs/pull/264927
https://github.com/NixOS/nixpkgs/pull/268787"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6992","https://nvd.nist.gov/vuln/detail/CVE-2023-6992","zlib","5.5","1.2.13","1.3","1.3","zlib","2023A0000006992","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6918","https://nvd.nist.gov/vuln/detail/CVE-2023-6918","libssh2","5.3","1.11.0","1.11.0","1.11.0","libssh2","2023A0000006918","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/275250"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6918","https://nvd.nist.gov/vuln/detail/CVE-2023-6918","libssh","5.3","0.10.5","0.10.5","0.10.6","libssh","2023A0000006918","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/275250
https://github.com/NixOS/nixpkgs/pull/275603
Expand Down Expand Up @@ -304,9 +303,8 @@ https://github.com/NixOS/nixpkgs/pull/276595"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.0","2.4.6","2.4.7","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256378
https://github.com/NixOS/nixpkgs/pull/257637"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4236","https://nvd.nist.gov/vuln/detail/CVE-2023-4236","bind","7.5","9.18.16","9.18.20","9.18.21","bind","2023A0000004236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256396
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4236","https://nvd.nist.gov/vuln/detail/CVE-2023-4236","bind","7.5","9.18.16","9.18.21","9.18.21","bind","2023A0000004236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256396
https://github.com/NixOS/nixpkgs/pull/256469
https://github.com/NixOS/nixpkgs/pull/268185
https://github.com/NixOS/nixpkgs/pull/275800"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.0.4","8.2.0","8.2.0","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/267666"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","fix_not_available",""
Expand All @@ -316,9 +314,8 @@ https://github.com/NixOS/nixpkgs/pull/264266"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-3603","https://nvd.nist.gov/vuln/detail/CVE-2023-3603","libssh","6.5","0.10.5","","","","2023A0000003603","True","Based on https://security-tracker.debian.org/tracker/CVE-2023-3603 and https://bugzilla.redhat.com/show_bug.cgi?id=2221791, vulnerable code is not present in 0.10.5 or any currently released version.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-3354","https://nvd.nist.gov/vuln/detail/CVE-2023-3354","qemu","7.5","8.0.4","8.2.0","8.2.0","qemu","2023A0000003354","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/248659
https://github.com/NixOS/nixpkgs/pull/267666"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-3341","https://nvd.nist.gov/vuln/detail/CVE-2023-3341","bind","7.5","9.18.16","9.18.20","9.18.21","bind","2023A0000003341","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256396
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-3341","https://nvd.nist.gov/vuln/detail/CVE-2023-3341","bind","7.5","9.18.16","9.18.21","9.18.21","bind","2023A0000003341","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256396
https://github.com/NixOS/nixpkgs/pull/256469
https://github.com/NixOS/nixpkgs/pull/268185
https://github.com/NixOS/nixpkgs/pull/275800"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-3180","https://nvd.nist.gov/vuln/detail/CVE-2023-3180","qemu","6.5","8.0.4","8.2.0","8.2.0","qemu","2023A0000003180","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/248659
https://github.com/NixOS/nixpkgs/pull/267666"
Expand Down Expand Up @@ -555,10 +552,8 @@ https://github.com/NixOS/nixpkgs/pull/271223"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.1.0016","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532
https://github.com/NixOS/nixpkgs/pull/271373
https://github.com/NixOS/nixpkgs/pull/276595"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886
https://github.com/NixOS/nixpkgs/pull/279453"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886
https://github.com/NixOS/nixpkgs/pull/279453"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722
https://github.com/NixOS/nixpkgs/pull/263083"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.3","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/274550
Expand Down Expand Up @@ -682,6 +677,7 @@ https://github.com/NixOS/nixpkgs/pull/232535"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-7104","https://nvd.nist.gov/vuln/detail/CVE-2023-7104","sqlite","7.3","3.41.2","3.43.2","3.44.2","sqlite","2023A0000007104","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/260352
https://github.com/NixOS/nixpkgs/pull/264927
https://github.com/NixOS/nixpkgs/pull/268787"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6992","https://nvd.nist.gov/vuln/detail/CVE-2023-6992","zlib","5.5","1.2.13","1.3","1.3","zlib","2023A0000006992","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6918","https://nvd.nist.gov/vuln/detail/CVE-2023-6918","libssh2","5.3","1.11.0","1.11.0","1.11.0","libssh2","2023A0000006918","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/275250"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6918","https://nvd.nist.gov/vuln/detail/CVE-2023-6918","libssh","5.3","0.10.6","0.10.5","0.10.6","libssh","2023A0000006918","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/275250"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6693","https://nvd.nist.gov/vuln/detail/CVE-2023-6693","qemu","5.3","8.0.5","8.2.0","8.2.0","qemu","2023A0000006693","False","","err_not_vulnerable_based_on_repology",""
Expand Down
Loading

0 comments on commit 2268aff

Please sign in to comment.