diff --git a/reports/ghaf-23.06/data.csv b/reports/ghaf-23.06/data.csv
index 8d25090..1bde41b 100644
--- a/reports/ghaf-23.06/data.csv
+++ b/reports/ghaf-23.06/data.csv
@@ -81,10 +81,10 @@ https://github.com/NixOS/nixpkgs/pull/266382" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38633","https://nvd.nist.gov/vuln/detail/CVE-2023-38633","librsvg","5.5","2.55.1","2.57.0","2.57.0","librsvg","2023A0000038633","False","Nixpkgs fix PR: https://github.com/NixOS/nixpkgs/pull/246763.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/246763 https://github.com/NixOS/nixpkgs/pull/246860" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.4.0","8.4.0.6","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962 https://github.com/NixOS/nixpkgs/pull/254963 https://github.com/NixOS/nixpkgs/pull/260378" 
@@ -474,10 +474,10 @@ https://github.com/NixOS/nixpkgs/pull/266382" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.42.2","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. 
This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.58.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712 https://github.com/NixOS/nixpkgs/pull/246068 diff --git a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md index b726508..37e4f9c 100644 --- a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md 
@@ -107,17 +107,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf 
@@ -213,10 +203,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.10.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-38633](https://nvd.nist.gov/vuln/detail/CVE-2023-38633) | librsvg | 5.5 | 2.55.1 | 2.57.0 | 2.57.0 | Nixpkgs fix PR: [link](https://github.com/NixOS/nixpkgs/pull/246763). *[[PR](https://github.com/NixOS/nixpkgs/pull/246763), [PR](https://github.com/NixOS/nixpkgs/pull/246860)]* | | [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | +| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-26966](https://nvd.nist.gov/vuln/detail/CVE-2023-26966) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | 
[CVE-2023-26965](https://nvd.nist.gov/vuln/detail/CVE-2023-26965) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | diff --git a/reports/ghaf-23.09/data.csv b/reports/ghaf-23.09/data.csv index 9ba5dda..4fc0a70 100644 --- a/reports/ghaf-23.09/data.csv +++ b/reports/ghaf-23.09/data.csv 
@@ -73,10 +73,10 @@ https://github.com/NixOS/nixpkgs/pull/266382" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.4.0","8.4.0.6","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962 https://github.com/NixOS/nixpkgs/pull/254963 https://github.com/NixOS/nixpkgs/pull/260378" 
@@ -89,7 +89,8 @@ https://github.com/NixOS/nixpkgs/pull/265047" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31972","https://nvd.nist.gov/vuln/detail/CVE-2023-31972","yasm","5.5","1.3.0","","","","2023A0000031972","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31794","https://nvd.nist.gov/vuln/detail/CVE-2023-31794","mupdf","5.5","1.21.1","1.23.5","1.23.6","mupdf","2023A0000031794","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261113 -https://github.com/NixOS/nixpkgs/pull/269556" +https://github.com/NixOS/nixpkgs/pull/269556 +https://github.com/NixOS/nixpkgs/pull/270154" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0-env","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31484","https://nvd.nist.gov/vuln/detail/CVE-2023-31484","perl","8.1","5.36.0-env","5.38.0","5.38.1","perl","2023A0000031484","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/241848 
@@ -419,10 +420,10 @@ https://github.com/NixOS/nixpkgs/pull/266382" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.42.2","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. 
This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.58.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712 https://github.com/NixOS/nixpkgs/pull/246068 
@@ -432,7 +433,8 @@ https://github.com/NixOS/nixpkgs/pull/265047" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31972","https://nvd.nist.gov/vuln/detail/CVE-2023-31972","yasm","5.5","1.3.0","","","","2023A0000031972","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31794","https://nvd.nist.gov/vuln/detail/CVE-2023-31794","mupdf","5.5","1.21.1","1.23.5","1.23.6","mupdf","2023A0000031794","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261113 -https://github.com/NixOS/nixpkgs/pull/269556" +https://github.com/NixOS/nixpkgs/pull/269556 +https://github.com/NixOS/nixpkgs/pull/270154" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0-env","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31484","https://nvd.nist.gov/vuln/detail/CVE-2023-31484","perl","8.1","5.36.0-env","5.38.0","5.38.1","perl","2023A0000031484","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/241848 diff --git a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md index 9624b9a..c45c930 100644 --- a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md 
@@ -74,17 +74,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf 
@@ -162,11 +152,11 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.1 | 5.2.1 | | | [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.10.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.5 | 1.23.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261113), [PR](https://github.com/NixOS/nixpkgs/pull/269556)]* | +| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.5 | 1.23.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261113), 
[PR](https://github.com/NixOS/nixpkgs/pull/269556), [PR](https://github.com/NixOS/nixpkgs/pull/270154)]* | | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | diff --git a/reports/main/data.csv b/reports/main/data.csv index da485a7..29c823f 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv 
@@ -45,10 +45,10 @@ https://github.com/NixOS/nixpkgs/pull/266382" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.42.2","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.58.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712 https://github.com/NixOS/nixpkgs/pull/246068 
@@ -58,7 +58,8 @@ https://github.com/NixOS/nixpkgs/pull/265047" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31972","https://nvd.nist.gov/vuln/detail/CVE-2023-31972","yasm","5.5","1.3.0","","","","2023A0000031972","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31794","https://nvd.nist.gov/vuln/detail/CVE-2023-31794","mupdf","5.5","1.21.1","1.23.5","1.23.6","mupdf","2023A0000031794","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261113 -https://github.com/NixOS/nixpkgs/pull/269556" +https://github.com/NixOS/nixpkgs/pull/269556 +https://github.com/NixOS/nixpkgs/pull/270154" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0-env","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-31484","https://nvd.nist.gov/vuln/detail/CVE-2023-31484","perl","8.1","5.36.0-env","5.38.0","5.38.1","perl","2023A0000031484","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/241848 
@@ -145,7 +146,7 @@ https://github.com/NixOS/nixpkgs/pull/268532" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.0.5","8.1.2","8.1.3","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261753 https://github.com/NixOS/nixpkgs/pull/267666 https://github.com/NixOS/nixpkgs/pull/269013" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3603","https://nvd.nist.gov/vuln/detail/CVE-2023-3603","libssh","6.5","0.10.5","","","","2023A0000003603","True","Based on https://security-tracker.debian.org/tracker/CVE-2023-3603 and https://bugzilla.redhat.com/show_bug.cgi?id=2221791, vulnerable code is not present in 0.10.5 or any currently released version.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3354","https://nvd.nist.gov/vuln/detail/CVE-2023-3354","qemu","7.5","8.0.5","8.1.2","8.1.3","qemu","2023A0000003354","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/248659 https://github.com/NixOS/nixpkgs/pull/261753 
@@ -487,10 +488,10 @@ https://github.com/NixOS/nixpkgs/pull/266382" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.42.2","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. 
This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-35945","https://nvd.nist.gov/vuln/detail/CVE-2023-35945","nghttp2","7.5","1.51.0","1.57.0","1.58.0","nghttp2","2023A0000035945","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/219712 https://github.com/NixOS/nixpkgs/pull/246068 
@@ -500,7 +501,8 @@ https://github.com/NixOS/nixpkgs/pull/265047" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31972","https://nvd.nist.gov/vuln/detail/CVE-2023-31972","yasm","5.5","1.3.0","","","","2023A0000031972","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31794","https://nvd.nist.gov/vuln/detail/CVE-2023-31794","mupdf","5.5","1.21.1","1.23.5","1.23.6","mupdf","2023A0000031794","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261113 -https://github.com/NixOS/nixpkgs/pull/269556" +https://github.com/NixOS/nixpkgs/pull/269556 +https://github.com/NixOS/nixpkgs/pull/270154" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0-env","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-31484","https://nvd.nist.gov/vuln/detail/CVE-2023-31484","perl","8.1","5.36.0-env","5.38.0","5.38.1","perl","2023A0000031484","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/241848 
@@ -917,10 +919,10 @@ https://github.com/NixOS/nixpkgs/pull/262738" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38858","https://nvd.nist.gov/vuln/detail/CVE-2023-38858","faad2","6.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038858","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38857","https://nvd.nist.gov/vuln/detail/CVE-2023-38857","faad2","5.5","2.10.1","2.10.1","2.11.1","faad2","2023A0000038857","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/267515" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38473","https://nvd.nist.gov/vuln/detail/CVE-2023-38473","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038473","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38472","https://nvd.nist.gov/vuln/detail/CVE-2023-38472","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038472","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-37769","https://nvd.nist.gov/vuln/detail/CVE-2023-37769","pixman","6.5","0.42.2","0.42.2","0.42.2","pixman","2023A0000037769","False","See: https://gitlab.freedesktop.org/pixman/pixman/-/issues/76: ""This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. 
This is just a test executable"".","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31975","https://nvd.nist.gov/vuln/detail/CVE-2023-31975","yasm","3.3","1.3.0","","","","2023A0000031975","True","Memory leak in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index 0310f64..8fcc696 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md 
@@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/e906daa848dacc3ee516269e59b7befe0163b017. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/76711b838b451ed64c84706a8ae06870e1045143. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. 
@@ -69,17 +69,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index cc4f0cf..2b3ea16 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md 
@@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/e906daa848dacc3ee516269e59b7befe0163b017. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/76711b838b451ed64c84706a8ae06870e1045143. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. 
@@ -64,7 +64,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.5 | 8.1.2 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/267666), [PR](https://github.com/NixOS/nixpkgs/pull/269013)]* | | [CVE-2023-4135](https://nvd.nist.gov/vuln/detail/CVE-2023-4135) | qemu | 6.5 | 8.0.5 | 8.1.2 | 8.1.3 | Fixed upstream in 8.1.0. *[[PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/267666), [PR](https://github.com/NixOS/nixpkgs/pull/269013)]* | | [CVE-2023-3180](https://nvd.nist.gov/vuln/detail/CVE-2023-3180) | qemu | 6.5 | 8.0.5 | 8.1.2 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/267666), [PR](https://github.com/NixOS/nixpkgs/pull/269013)]* | -| [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.5 | 1.23.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261113), [PR](https://github.com/NixOS/nixpkgs/pull/269556)]* | +| [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.5 | 1.23.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261113), [PR](https://github.com/NixOS/nixpkgs/pull/269556), [PR](https://github.com/NixOS/nixpkgs/pull/270154)]* | | [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2130 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532)]* | | [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2130 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532)]* | | [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2130 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532)]* | 
@@ -88,17 +88,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2130 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf 
@@ -226,11 +216,11 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.1 | 5.2.1 | | | [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.10.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | | -| [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.5 | 1.23.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261113), [PR](https://github.com/NixOS/nixpkgs/pull/269556)]* | +| [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | +| [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.5 | 1.23.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261113), 
[PR](https://github.com/NixOS/nixpkgs/pull/269556), [PR](https://github.com/NixOS/nixpkgs/pull/270154)]* | | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | |