diff --git a/reports/ghaf-23.09/data.csv b/reports/ghaf-23.09/data.csv index b8d1bb4..bef3d13 100644 --- a/reports/ghaf-23.09/data.csv +++ b/reports/ghaf-23.09/data.csv @@ -100,9 +100,9 @@ https://github.com/NixOS/nixpkgs/pull/292998" https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0075","9.1.0151","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/284984 https://github.com/NixOS/nixpkgs/pull/291707" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.6.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.6.0","8.6.0.3","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.6.0","8.6.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.6.0","8.6.0.3","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","7.1.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3.1","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262722 @@ -216,7 +216,7 @@ https://github.com/NixOS/nixpkgs/pull/293580" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38471","https://nvd.nist.gov/vuln/detail/CVE-2023-38471","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038471","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38470","https://nvd.nist.gov/vuln/detail/CVE-2023-38470","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038470","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38469","https://nvd.nist.gov/vuln/detail/CVE-2023-38469","avahi","5.5","0.8","0.8","0.8","avahi","2023A0000038469","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/269599" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.6.0","8.6.0","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-38039","https://nvd.nist.gov/vuln/detail/CVE-2023-38039","curl","7.5","8.1.1","8.6.0","8.6.0.3","curl","2023A0000038039","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254962 https://github.com/NixOS/nixpkgs/pull/254963 https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" @@ -655,9 +655,9 @@ https://github.com/NixOS/nixpkgs/pull/292998" https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.1.0075","9.1.0151","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/284984 https://github.com/NixOS/nixpkgs/pull/291707" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.6.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.6.0","8.6.0.3","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.6.0","8.6.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.6.0","8.6.0.3","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","7.1.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3.1","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262722 diff --git a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md index 57e913e..655e350 100644 --- a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md @@ -37,7 +37,7 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | | [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.14.0 | 1.14.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189), [PR](https://github.com/NixOS/nixpkgs/pull/283362)]* | -| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.24 | 9.18.24 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/288662), [PR](https://github.com/NixOS/nixpkgs/pull/289816)]* | | [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.16 | 9.18.24 | 9.18.24 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/288662), [PR](https://github.com/NixOS/nixpkgs/pull/289816)]* | @@ -168,7 +168,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.7 | 1.22.0 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.22.0 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262738), [PR](https://github.com/NixOS/nixpkgs/pull/263279), [PR](https://github.com/NixOS/nixpkgs/pull/278073), [PR](https://github.com/NixOS/nixpkgs/pull/286248)]* | | [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | go | 7.5 | 1.20.7 | 1.22.0 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/286849), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | -| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.59.0 | 1.60.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047), [PR](https://github.com/NixOS/nixpkgs/pull/292580)]* | | [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | glibc | 7.5 | 2.37-8 | 2.38-44 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/287594)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | @@ -188,7 +188,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.0 | 2.4.6 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.3p2 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.1.1 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.1.1 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.12.5 | 2.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/286300)]* | | [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202211 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202211 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | @@ -251,7 +251,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.1.0075 | 9.1.0151 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/284984), [PR](https://github.com/NixOS/nixpkgs/pull/291707)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.43.1 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.7 | 1.22.0 | 1.22.1 | | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.22.0 | 1.22.1 | | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.7 | 1.22.0 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286849), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | diff --git a/reports/ghaf-23.12/data.csv b/reports/ghaf-23.12/data.csv index 077651f..b7ab13e 100644 --- a/reports/ghaf-23.12/data.csv +++ b/reports/ghaf-23.12/data.csv @@ -130,9 +130,9 @@ https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0075","9.1.0151","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/284984 https://github.com/NixOS/nixpkgs/pull/291707" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3.1","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262722 @@ -620,9 +620,9 @@ https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905 https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3.1","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262722 diff --git a/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md index 117d5b0..8e3db5b 100644 --- a/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md @@ -144,7 +144,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905), [PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905), [PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905), [PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | @@ -155,7 +155,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0075 | 9.1.0151 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284984), [PR](https://github.com/NixOS/nixpkgs/pull/291707)]* | | [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | | [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | @@ -304,7 +304,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.5 | 2.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/286300)]* | | [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | @@ -417,7 +417,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.29 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.43.1 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 124.0b5 | 123.0.1 | | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.0 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286849), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 124.0b5 | 123.0.1 | | diff --git a/reports/main/data.csv b/reports/main/data.csv index f299a25..975fe97 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -130,9 +130,9 @@ https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0075","9.1.0151","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/284984 https://github.com/NixOS/nixpkgs/pull/291707" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3.1","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262722 @@ -620,9 +620,9 @@ https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/271905 https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3.1","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262722 @@ -1496,9 +1496,9 @@ https://github.com/NixOS/nixpkgs/pull/291707" https://github.com/NixOS/nixpkgs/pull/271223" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0075","9.1.0151","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/284984 https://github.com/NixOS/nixpkgs/pull/291707" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3.1","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262722 @@ -1669,9 +1669,9 @@ https://github.com/NixOS/nixpkgs/pull/291707" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0075","9.1.0151","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/284984 https://github.com/NixOS/nixpkgs/pull/291707" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/292662" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.6.0.3","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3.1","1.3.1","zlib","2023A0000045853","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262722 diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index 3d17f5a..b78088c 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/9f767a78cc94c59f47ba1fd24b08dcaeda2fbfc1. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/7de031276fd177fae50406b1137bb1323515c218. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -74,9 +74,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0075 | 9.1.0151 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284984), [PR](https://github.com/NixOS/nixpkgs/pull/291707)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.2 | 0.9.1 | 0.10.1 | Unclear if this is still valid. | @@ -131,7 +131,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.1 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7 | 8.1.3 | 8.2.1 | 8.2.2 | | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.5 | 2.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/286300)]* | | [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.2 | 0.43.4 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | | [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.1.3 | 8.2.1 | 8.2.2 | | @@ -164,7 +164,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2023-3164](https://nvd.nist.gov/vuln/detail/CVE-2023-3164) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.43.1 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-6780](https://nvd.nist.gov/vuln/detail/CVE-2023-6780) | glibc | 5.3 | 2.38-27 | 2.38-44 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/287594)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.3 | 8.2.1 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index f72b41d..2c14771 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/9f767a78cc94c59f47ba1fd24b08dcaeda2fbfc1. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/7de031276fd177fae50406b1137bb1323515c218. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -144,7 +144,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905), [PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905), [PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905), [PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | @@ -155,7 +155,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38471](https://nvd.nist.gov/vuln/detail/CVE-2023-38471) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0075 | 9.1.0151 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284984), [PR](https://github.com/NixOS/nixpkgs/pull/291707)]* | | [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | | [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | @@ -304,7 +304,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.6p1 | 9.6p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275249), [PR](https://github.com/NixOS/nixpkgs/pull/275399), [PR](https://github.com/NixOS/nixpkgs/pull/275587)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.5 | 2.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/286300)]* | | [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | @@ -417,7 +417,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.29 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.43.1 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 124.0b5 | 123.0.1 | | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.6.0.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.0 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286849), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 124.0b5 | 123.0.1 | |