Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Dec 4, 2023
1 parent 4fe9757 commit 27a2c0f
Showing 7 changed files with 306 additions and 323 deletions.
8 changes: 4 additions & 4 deletions reports/ghaf-23.06/data.csv
Expand Up @@ -15,8 +15,8 @@
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46316","https://nvd.nist.gov/vuln/detail/CVE-2023-46316","traceroute","5.5","2.1.2","","","","2023A0000046316","False","","err_missing_repology_version",""
Expand Down Expand Up @@ -463,8 +463,8 @@ https://github.com/NixOS/nixpkgs/pull/84664"
https://github.com/NixOS/nixpkgs/pull/269131
https://github.com/NixOS/nixpkgs/pull/271642
https://github.com/NixOS/nixpkgs/pull/271643"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46316","https://nvd.nist.gov/vuln/detail/CVE-2023-46316","traceroute","5.5","2.1.2","","","","2023A0000046316","False","","err_missing_repology_version",""
Expand Up @@ -108,11 +108,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h

Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:


| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------|
| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | |

```No vulnerabilities```


## All Vulnerabilities Impacting Ghaf
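Review bot: The vim row for CVE-2023-48706 is removed from this table with no stated reason, and vim is still reported at version_local 9.0.1441 in the next hunk of this file, so the removal does not come from a package bump. The commit message reads only "Automatic vulnerability report update"; it should say why the entry no longer qualifies, for example whether it was whitelisted through the manual_analysis.csv linked above. Separately, the replacement line opens and closes a triple-backtick span on a single line directly under a sentence ending "fix the following issues in nixpkgs:", so plain text such as "No vulnerabilities." would read more cleanly there.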
Expand All @@ -135,8 +131,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.0.0 | 8.1.2 | 8.1.3 | |
| [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* |
| [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* |
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270429)]* |
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270429)]* |
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* |
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* |
| [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* |
| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* |
| [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* |
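Review bot: The comment cells of the two CVE-2023-47470 ffmpeg rows now link only pull/271905 and no longer pull/270429, while the neighbouring perl, vim and openssl rows accumulate several PR links, so the earlier reference is lost rather than extended. If 270429 is still a relevant fix reference, keep both links; if it was closed or superseded, the commit message should say so.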
8 changes: 4 additions & 4 deletions reports/ghaf-23.09/data.csv
Expand Up @@ -18,8 +18,8 @@
https://github.com/NixOS/nixpkgs/pull/269131
https://github.com/NixOS/nixpkgs/pull/271642
https://github.com/NixOS/nixpkgs/pull/271643"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream",""
Expand Down Expand Up @@ -424,8 +424,8 @@ https://github.com/NixOS/nixpkgs/pull/84664"
https://github.com/NixOS/nixpkgs/pull/269131
https://github.com/NixOS/nixpkgs/pull/271642
https://github.com/NixOS/nixpkgs/pull/271643"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream",""