Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Nov 27, 2023
1 parent 64f0e1f commit 5affc78
Showing 7 changed files with 58 additions and 94 deletions.
16 changes: 8 additions & 8 deletions reports/ghaf-23.06/data.csv
@@ -81,10 +81,10 @@ https://github.com/NixOS/nixpkgs/pull/266382"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38633","https://nvd.nist.gov/vuln/detail/CVE-2023-38633","librsvg","5.5","2.55.1","2.57.0","2.57.0","librsvg","2023A0000038633","False","Nixpkgs fix PR: https://github.com/NixOS/nixpkgs/pull/246763.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/246763
https://github.com/NixOS/nixpkgs/pull/246860"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.4.0","8.4.0.6","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962
https://github.com/NixOS/nixpkgs/pull/254963
https://github.com/NixOS/nixpkgs/pull/260378"
@@ -474,10 +474,10 @@ https://github.com/NixOS/nixpkgs/pull/266382"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.42.2","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.58.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712
https://github.com/NixOS/nixpkgs/pull/246068
20 changes: 5 additions & 15 deletions reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md
@@ -107,17 +107,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h

Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:


| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------|
| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | |
| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | |
| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | |
| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | |
| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | |
| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | |
| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | |

```No vulnerabilities```


## All Vulnerabilities Impacting Ghaf
@@ -213,10 +203,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.10.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* |
| [CVE-2023-38633](https://nvd.nist.gov/vuln/detail/CVE-2023-38633) | librsvg | 5.5 | 2.55.1 | 2.57.0 | 2.57.0 | Nixpkgs fix PR: [link](https://github.com/NixOS/nixpkgs/pull/246763). *[[PR](https://github.com/NixOS/nixpkgs/pull/246763), [PR](https://github.com/NixOS/nixpkgs/pull/246860)]* |
| [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* |
| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | |
| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | |
| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | |
| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | |
| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* |
| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* |
| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* |
| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* |
| [CVE-2023-26966](https://nvd.nist.gov/vuln/detail/CVE-2023-26966) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* |
| [CVE-2023-26965](https://nvd.nist.gov/vuln/detail/CVE-2023-26965) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* |
| [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | |