Automatic vulnerability report update

tiiuae · Dec 15, 2023 · 456d14a · 456d14a
1 parent 14f7bd7
commit 456d14a
Show file tree

Hide file tree

Showing 7 changed files with 40 additions and 68 deletions.
diff --git a/reports/ghaf-23.06/data.csv b/reports/ghaf-23.06/data.csv
@@ -38,7 +38,7 @@ https://github.com/NixOS/nixpkgs/pull/271373"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 
 https://github.com/NixOS/nixpkgs/pull/263083"
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.3","libxml2","2023A0000045322","False","","fix_update_to_version_upstream",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.3","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 
 https://github.com/NixOS/nixpkgs/pull/272411"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.4","1.21.5","1.21.5","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 
@@ -356,9 +356,9 @@ https://github.com/NixOS/nixpkgs/pull/270931"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-1168","https://osv.dev/OSV-2022-1168","gstreamer","","1.22.3","1.22.7","1.22.7","gstreamer","2022A0000001168","False","","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.70","5.70","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.70","5.71","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.5","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.70","5.70","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.70","5.71","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","","","","2022A0000000842","False","Unclear if this is still valid.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.1","0.8.2","0.8.2","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
@@ -505,7 +505,7 @@ https://github.com/NixOS/nixpkgs/pull/271373"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 
 https://github.com/NixOS/nixpkgs/pull/263083"
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.3","libxml2","2023A0000045322","False","","fix_update_to_version_upstream",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.3","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45287","https://nvd.nist.gov/vuln/detail/CVE-2023-45287","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000045287","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 
 https://github.com/NixOS/nixpkgs/pull/272411"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45285","https://nvd.nist.gov/vuln/detail/CVE-2023-45285","go","7.5","1.20.8","1.21.5","1.21.5","go","2023A0000045285","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/272362 
@@ -726,9 +726,9 @@ https://github.com/NixOS/nixpkgs/pull/170659"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-2880","https://nvd.nist.gov/vuln/detail/CVE-2022-2880","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002880","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.70","5.70","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.70","5.71","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.5","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.70","5.70","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.70","5.71","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","","","","2022A0000000842","False","Unclear if this is still valid.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.8.2","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""