diff --git a/reports/main/data.csv b/reports/main/data.csv index c13479f..50b4486 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -1,8 +1,8 @@ "target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0678","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0679","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0678","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0679","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-35328","https://nvd.nist.gov/vuln/detail/CVE-2024-35328","libyaml","7.5","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035328","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-35326","https://nvd.nist.gov/vuln/detail/CVE-2024-35326","libyaml","9.8","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035326","False","","fix_not_available","" @@ -56,10 +56,14 @@ https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 https://github.com/NixOS/nixpkgs/pull/286248 https://github.com/NixOS/nixpkgs/pull/298640" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-41940","https://nvd.nist.gov/vuln/detail/CVE-2023-41940","tap","5.4","1.0.1","0.77","0.77","texlive:tap","2023A0000041940","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.2.1","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2023-40217","https://nvd.nist.gov/vuln/detail/CVE-2023-40217","python","5.3","2.7.18.8","3.13.0rc1","3.12.5","python","2023A0000040217","False","","fix_update_to_version_nixpkgs","" @@ -451,9 +455,9 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2002-0059","https://nvd.nist.gov/vuln/detail/CVE-2002-0059","zlib","9.8","0.6.3.0","0.7.1.0","0.7.1.0","haskell:zlib","2002A0000000059","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-1999-0475","https://nvd.nist.gov/vuln/detail/CVE-1999-0475","procmail","","3.24","3.24","3.24","procmail","1999A0000000475","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0678","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0679","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0678","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0679","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-35328","https://nvd.nist.gov/vuln/detail/CVE-2024-35328","libyaml","7.5","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035328","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-35326","https://nvd.nist.gov/vuln/detail/CVE-2024-35326","libyaml","9.8","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035326","False","","fix_not_available","" @@ -507,10 +511,14 @@ https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 https://github.com/NixOS/nixpkgs/pull/286248 https://github.com/NixOS/nixpkgs/pull/298640" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-41940","https://nvd.nist.gov/vuln/detail/CVE-2023-41940","tap","5.4","1.0.1","0.77","0.77","texlive:tap","2023A0000041940","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.2.1","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-40217","https://nvd.nist.gov/vuln/detail/CVE-2023-40217","python","5.3","2.7.18.8","3.13.0rc1","3.12.5","python","2023A0000040217","False","","fix_update_to_version_nixpkgs","" @@ -902,9 +910,9 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2002-0059","https://nvd.nist.gov/vuln/detail/CVE-2002-0059","zlib","9.8","0.6.3.0","0.7.1.0","0.7.1.0","haskell:zlib","2002A0000000059","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-1999-0475","https://nvd.nist.gov/vuln/detail/CVE-1999-0475","procmail","","3.24","3.24","3.24","procmail","1999A0000000475","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0678","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0679","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0678","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0679","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-35328","https://nvd.nist.gov/vuln/detail/CVE-2024-35328","libyaml","7.5","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035328","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-35326","https://nvd.nist.gov/vuln/detail/CVE-2024-35326","libyaml","9.8","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035326","False","","fix_not_available","" @@ -951,10 +959,14 @@ https://github.com/NixOS/nixpkgs/pull/263279 https://github.com/NixOS/nixpkgs/pull/278073 https://github.com/NixOS/nixpkgs/pull/286248 https://github.com/NixOS/nixpkgs/pull/298640" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42363","https://nvd.nist.gov/vuln/detail/CVE-2023-42363","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042363","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/334899 +https://github.com/NixOS/nixpkgs/pull/335388" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41940","https://nvd.nist.gov/vuln/detail/CVE-2023-41940","tap","5.4","1.0.1","0.77","0.77","texlive:tap","2023A0000041940","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.2.1","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-40217","https://nvd.nist.gov/vuln/detail/CVE-2023-40217","python","5.3","2.7.18.8","3.13.0rc1","3.12.5","python","2023A0000040217","False","","fix_update_to_version_nixpkgs","" diff --git a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md index f6f6041..90e08e4 100644 --- a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md +++ b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md @@ -58,12 +58,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|----------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [OSV-2024-919](https://osv.dev/OSV-2024-919) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | -| [OSV-2024-831](https://osv.dev/OSV-2024-831) | jq | | 1.7.1 | 1.7.1 | 1.7.1 | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf @@ -219,10 +214,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-6923](https://nvd.nist.gov/vuln/detail/CVE-2024-6923) | python | 5.5 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335172)]* | | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | | | | -| [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334899)]* | -| [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334899)]* | -| [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334899)]* | -| [CVE-2023-42363](https://nvd.nist.gov/vuln/detail/CVE-2023-42363) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334899)]* | +| [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334899), [PR](https://github.com/NixOS/nixpkgs/pull/335388)]* | +| [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334899), [PR](https://github.com/NixOS/nixpkgs/pull/335388)]* | +| [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334899), [PR](https://github.com/NixOS/nixpkgs/pull/335388)]* | +| [CVE-2023-42363](https://nvd.nist.gov/vuln/detail/CVE-2023-42363) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/334899), [PR](https://github.com/NixOS/nixpkgs/pull/335388)]* | | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.3.1 | 1.3.1 | 1.3.1 | | | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 0.6.3.0-r4.cabal | 0.7.1.0 | 0.7.1.0 | | | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 0.6.3.0 | 0.7.1.0 | 0.7.1.0 | | @@ -245,7 +240,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | | | [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.45.2 | 2.45.2 | 2.46.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2024-41957](https://nvd.nist.gov/vuln/detail/CVE-2024-41957) | vim | 5.3 | 9.1.0595 | 9.1.0595 | 9.1.0678 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | +| [CVE-2024-41957](https://nvd.nist.gov/vuln/detail/CVE-2024-41957) | vim | 5.3 | 9.1.0595 | 9.1.0595 | 9.1.0679 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | | [CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217) | python | 5.3 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.15 | 2.15 | 2.15 | | | [CVE-2022-41316](https://nvd.nist.gov/vuln/detail/CVE-2022-41316) | vault | 5.3 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | | @@ -277,7 +272,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-40834](https://nvd.nist.gov/vuln/detail/CVE-2021-40834) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2021-40834](https://nvd.nist.gov/vuln/detail/CVE-2021-40834) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2018-14628](https://nvd.nist.gov/vuln/detail/CVE-2018-14628) | samba | 4.3 | 4.20.1 | 4.20.1 | 4.20.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270419)]* | -| [CVE-2024-41965](https://nvd.nist.gov/vuln/detail/CVE-2024-41965) | vim | 4.2 | 9.1.0595 | 9.1.0595 | 9.1.0678 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | +| [CVE-2024-41965](https://nvd.nist.gov/vuln/detail/CVE-2024-41965) | vim | 4.2 | 9.1.0595 | 9.1.0595 | 9.1.0679 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | | [CVE-2021-33596](https://nvd.nist.gov/vuln/detail/CVE-2021-33596) | safe | 4.1 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2021-33596](https://nvd.nist.gov/vuln/detail/CVE-2021-33596) | safe | 4.1 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* |