Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Feb 9, 2024
1 parent b63930f commit 308ff7c
Showing 7 changed files with 629 additions and 733 deletions.
106 changes: 50 additions & 56 deletions reports/ghaf-23.09/data.csv


74 changes: 36 additions & 38 deletions reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md


355 changes: 149 additions & 206 deletions reports/ghaf-23.12/data.csv


221 changes: 113 additions & 108 deletions reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md


370 changes: 158 additions & 212 deletions reports/main/data.csv


Expand Up @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0

# Vulnerability Report

This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/58f01bc052369575faa6366cd388f7331b6ca3f6. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target.
This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/e6d5096cca2b80ae0db12e2ef4036186896e0821. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target.

This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file.

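Review bot: the only change in this hunk is the target revision link (58f01bc0... to e6d5096c...), but the report header still records no scan date, nixpkgs revision or vulnxscan version, so a reader of the rendered report cannot tell whether a row that differs between two revisions reflects a change in the target's closure or a refreshed vulnerability database. Since the file is regenerated by the workflow linked on the following line, the generator could emit those three values next to the revision, e.g. appended to the sentence "This vulnerability report is generated for Ghaf target ... revision ...".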
Expand Down Expand Up @@ -78,7 +78,11 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h

Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:

```No vulnerabilities```

| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|--------------------------------------------------------|
| [CVE-2023-52071](https://nvd.nist.gov/vuln/detail/CVE-2023-52071) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295)]* |



## All Vulnerabilities Impacting Ghaf
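Review bot: the "No vulnerabilities" placeholder becomes a one-row table for CVE-2023-52071 in curl 8.4.0, but the comment column only links nixpkgs PR 285295 and does not say whether that PR is open or merged, or whether it delivers the 8.6.0 listed under `upstream`; `nix_unstable` still reading 8.5.0 shows the PR has not landed. The row will sit in this action table until the PR merges or a manual_analysis.csv verdict whitelists it, so recording that state in the comment ("PR open", or "confirmed affects 8.4.0" after analysis) would make the table actionable rather than a bare link.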
Expand Down Expand Up @@ -143,6 +147,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | |
| [CVE-2023-3164](https://nvd.nist.gov/vuln/detail/CVE-2023-3164) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | |
| [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.43.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* |
| [CVE-2023-52071](https://nvd.nist.gov/vuln/detail/CVE-2023-52071) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295)]* |
| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.5.0 | 8.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886), [PR](https://github.com/NixOS/nixpkgs/pull/285295)]* |
| [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.3 | 8.2.1 | 8.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489)]* |
| [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450), [PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* |
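Review bot: the added CVE-2023-52071 row cites the same PR 285295 as the CVE-2023-46219 row directly below it, so both rows' `nix_unstable` values (8.5.0) will have to move together when that PR merges; worth noting in the comment so the two are not updated independently. Separately, the `severity` column carries bare numbers (5.5, 5.4, 5.3) without naming the scale; renaming the header in the generator to something like `severity (CVSS base score)` would also make the empty severity cells on the OSV rows read as "no score" rather than as a missing value.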
Expand All @@ -167,8 +172,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.1.3 | 8.2.1 | 8.2.1 | Unclear if this is still valid. |
| [OSV-2023-298](https://osv.dev/OSV-2023-298) | cairo | | 1.18.0 | 1.17.13 | 1.17.13 | |
| [OSV-2023-197](https://osv.dev/OSV-2023-197) | p11-kit | | 0.25.0 | 0.25.3 | 0.25.3 | |
| [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.2 | 0.8.2 | 0.9.1 | Unclear if this is still valid. |
| [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.2 | 0.8.2 | 0.9.1 | Unclear if this is still valid. |
| [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.2 | 0.8.2 | 0.9.2 | Unclear if this is still valid. |
| [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.2 | 0.8.2 | 0.9.2 | Unclear if this is still valid. |
| [OSV-2022-581](https://osv.dev/OSV-2022-581) | qemu | | 8.1.3 | 8.2.1 | 8.2.1 | Unclear if this is still valid. |
| [OSV-2022-193](https://osv.dev/OSV-2022-193) | w3m | | 0.5.3+git2023012 | 0.5.3+git2023012 | 0.5.3+git2023012 | Unclear if this is still valid. |
| [OSV-2020-1610](https://osv.dev/OSV-2020-1610) | openexr | | 2.5.8 | 3.2.1 | 3.2.1 | |
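Review bot: the only change here is the libjxl `upstream` column moving from 0.9.1 to 0.9.2 on the two OSV rows, while `version_local` and `nix_unstable` stay at 0.8.2 and the comment still reads "Unclear if this is still valid."; every regeneration will keep bumping the upstream number without resolving the question, so these rows (and the same comment on the qemu and w3m rows) belong in manual_analysis.csv with a decision. Two cells in the surrounding context also look like scanner artefacts worth checking before trusting the version columns: cairo shows `version_local` 1.18.0 but `nix_unstable`/`upstream` 1.17.13, i.e. the "fixed" versions are lower than the installed one, and the w3m version string `0.5.3+git2023012` looks truncated at a seven-digit date suffix.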

0 comments on commit 308ff7c