Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Dec 27, 2024
1 parent d3650eb commit 28b090a
Showing 2 changed files with 6 additions and 9 deletions.
5 changes: 3 additions & 2 deletions reports/main/data.csv
Expand Up @@ -170,7 +170,8 @@ https://github.com/NixOS/nixpkgs/pull/274071"
https://github.com/NixOS/nixpkgs/pull/346060
https://github.com/NixOS/nixpkgs/pull/349220
https://github.com/NixOS/nixpkgs/pull/352826"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","20.3.4-source","24.0","24.3.1","pip","2023A0000005752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276928"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","20.3.4-source","24.0","24.3.1","pip","2023A0000005752","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/276928
https://github.com/NixOS/nixpkgs/pull/368263"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-40","7.1.1-40","7.1.1.43","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","13.3.0","13.3.0","14.2.0","gcc","2023A0000004039","False","","fix_not_available",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-3297","https://nvd.nist.gov/vuln/detail/CVE-2023-3297","accountsservice","7.8","23.13.9","23.13.9","23.13.9","accountsservice","2023A0000003297","False","","err_not_vulnerable_based_on_repology",""
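Review bot: the only change in this hunk is the last field of the CVE-2023-5752 pip row, which grows from a single PR link into a quoted field spanning two lines (https://github.com/NixOS/nixpkgs/pull/276928 followed by https://github.com/NixOS/nixpkgs/pull/368263). Embedded newlines inside quoted fields are valid CSV, but they mean data.csv can no longer be processed line by line (grep, wc -l or a naive split on newline will see the second URL as a separate record), so every consumer of this file must use a real CSV parser; if line-oriented use is expected, joining multiple links with a space or semicolon inside one line would be safer. It is also worth confirming that PR 368263 actually addresses CVE-2023-5752, since the same link is added to the CVE-2021-3572 pip row in the next hunk and nothing in the row records why it applies to both.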
Expand Down Expand Up @@ -454,7 +455,7 @@ https://github.com/NixOS/nixpkgs/pull/363310"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3670","https://nvd.nist.gov/vuln/detail/CVE-2021-3670","samba","6.5","4.20.4","4.20.4","4.21.2","samba","2021A0000003670","False","","fix_not_available",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3605","https://nvd.nist.gov/vuln/detail/CVE-2021-3605","openexr","5.5","2.5.10","","","","2021A0000003605","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.10","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3572","https://nvd.nist.gov/vuln/detail/CVE-2021-3572","pip","5.7","20.3.4-source","24.0","24.3.1","pip","2021A0000003572","False","","fix_update_to_version_nixpkgs",""
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3572","https://nvd.nist.gov/vuln/detail/CVE-2021-3572","pip","5.7","20.3.4-source","24.0","24.3.1","pip","2021A0000003572","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/368263"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3177","https://nvd.nist.gov/vuln/detail/CVE-2021-3177","python","9.8","2.7.18.8","3.13.1","3.13.1","python","2021A0000003177","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/201859"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5-r8.cabal","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146"
"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2021-3024","https://nvd.nist.gov/vuln/detail/CVE-2021-3024","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2021A0000003024","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/112146"
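Review bot: two unrelated changes are mixed in this hunk. The CVE-2021-3572 pip row gains https://github.com/NixOS/nixpkgs/pull/368263 as its fix PR (the same PR added to CVE-2023-5752 above), while the haskell:vault CVE-2021-3024 row has its local version rewritten from 0.3.1.5-r8.cabal to 0.3.1.5. The second change looks like a version-normalization fix in the report generator rather than new vulnerability data, and it is applied inconsistently: the pip rows in the same hunk still carry 20.3.4-source as the local version. If the classification column (fix_update_to_version_nixpkgs, err_not_vulnerable_based_on_repology) is derived by comparing these version strings, suffixes such as -source and -r8.cabal should be stripped uniformly before the comparison, or the rows that still carry them should be re-checked.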
Expand Up @@ -48,11 +48,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h

Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:


| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------|
| [OSV-2022-1108](https://osv.dev/OSV-2022-1108) | ruby | | 3.3.5 | 3.4.0-preview2 | 3.4.1 | |

```No vulnerabilities```


## All Vulnerabilities Impacting Ghaf
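Review bot: the whitelisting table loses its only row, OSV-2022-1108 for ruby (local 3.3.5, nix_unstable 3.4.0-preview2, upstream 3.4.1), and is replaced by the line ```No vulnerabilities```. Nothing in the data.csv hunks shown in this commit corresponds to that ruby row, and it does not reappear in the "All Vulnerabilities Impacting Ghaf" hunks below, so it is worth checking whether the finding was resolved by a package update or silently dropped because the OSV lookup returned nothing. On the markdown itself: triple backticks on a single line are parsed as an inline code span, not a fenced block, so the placeholder renders as inline code surrounded by stray blank lines; a plain sentence such as "No vulnerabilities currently require whitelisting." would read better in this section.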
Expand Down Expand Up @@ -265,7 +261,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* |
| [CVE-2022-40897](https://nvd.nist.gov/vuln/detail/CVE-2022-40897) | setuptools | 5.9 | 44.0.0-source | 75.1.1 | 75.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/354579), [PR](https://github.com/NixOS/nixpkgs/pull/356664)]* |
| [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336) | python | 5.9 | 2.7.18.8 | 3.13.1 | 3.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/117037), [PR](https://github.com/NixOS/nixpkgs/pull/117082), [PR](https://github.com/NixOS/nixpkgs/pull/118403), [PR](https://github.com/NixOS/nixpkgs/pull/173833), [PR](https://github.com/NixOS/nixpkgs/pull/363310)]* |
| [CVE-2021-3572](https://nvd.nist.gov/vuln/detail/CVE-2021-3572) | pip | 5.7 | 20.3.4-source | 24.0 | 24.3.1 | |
| [CVE-2021-3572](https://nvd.nist.gov/vuln/detail/CVE-2021-3572) | pip | 5.7 | 20.3.4-source | 24.0 | 24.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/368263)]* |
| [CVE-2024-50612](https://nvd.nist.gov/vuln/detail/CVE-2024-50612) | libsndfile | 5.5 | 1.2.2 | 1.2.2 | 1.2.2 | |
| [CVE-2024-24789](https://nvd.nist.gov/vuln/detail/CVE-2024-24789) | go | 5.5 | 1.21.0-linux-amd | 1.24rc1 | 1.23.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/319485), [PR](https://github.com/NixOS/nixpkgs/pull/365046)]* |
| [CVE-2024-8354](https://nvd.nist.gov/vuln/detail/CVE-2024-8354) | qemu | 5.5 | 9.1.1 | 9.1.2 | 9.2.0 | |
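Review bot: the change here is consistent with data.csv (CVE-2021-3572 pip now carries https://github.com/NixOS/nixpkgs/pull/368263), but the comment column's presentation makes such updates hard to review: every link is labelled just [PR], so the python row above shows five indistinguishable [PR] entries and the new pip link cannot be told apart from other PRs without hovering. Rendering the PR number as the link text (for example [#368263](...)) would make the diff self-explanatory. The curl row in the unchanged context also deserves a look: a local version of 0.4.46 with empty nix_unstable and upstream columns does not match curl's release numbering, which suggests the package/version match picked up a different derivation.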
Expand Down Expand Up @@ -349,7 +345,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2021-33594](https://nvd.nist.gov/vuln/detail/CVE-2021-33594) | safe | 3.5 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | |
| [CVE-2021-33594](https://nvd.nist.gov/vuln/detail/CVE-2021-33594) | safe | 3.5 | 0.3.21 | 0.3.21 | 0.3.21 | |
| [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 3.3 | 4.7.0 | 4.7.0 | 4.7.0 | |
| [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 20.3.4-source | 24.0 | 24.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928)]* |
| [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 20.3.4-source | 24.0 | 24.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928), [PR](https://github.com/NixOS/nixpkgs/pull/368263)]* |
| [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 3.3 | 9.1.1 | 9.1.2 | 9.2.0 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). |
| [GHSA-pxg6-pf52-xh8x](https://osv.dev/GHSA-pxg6-pf52-xh8x) | cookie | | 0.4.6 | 0.5.0 | 0.5.0 | |
| [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.5 | 2.2.5 | 2.2.5 | |
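Review bot: same pattern as in data.csv: the safe (CVE-2021-33594) local version is normalized from 0.3.21-r1.cabal to 0.3.21 while the pip rows in this hunk keep the 20.3.4-source suffix and the go row in the previous hunk keeps 1.21.0-linux-amd. If stripping the -r1.cabal suffix is a generator fix, apply it to the other suffix forms too; otherwise version_local compares unequal to nix_unstable and upstream for reasons unrelated to the vulnerability. Separately, the GHSA/OSV rows at the end have an empty severity column, so they sort below the lowest-severity CVEs regardless of actual impact; consider rendering a placeholder such as n/a or taking a severity from the OSV record when one is present.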
