From 4fe9757cdafa320ed80d09c03d95ddb5f05e793b Mon Sep 17 00:00:00 2001 From: henrirosten Date: Sun, 3 Dec 2023 03:45:12 +0000 Subject: [PATCH] Automatic vulnerability report update --- reports/ghaf-23.06/data.csv | 102 +++---- ...ges.x86_64-linux.generic-x86_64-release.md | 54 ++-- reports/ghaf-23.09/data.csv | 110 ++++---- ...ges.x86_64-linux.generic-x86_64-release.md | 58 ++-- reports/main/data.csv | 253 ++++++++++-------- ...cv64-linux.microchip-icicle-kit-release.md | 83 +++--- ...ges.x86_64-linux.generic-x86_64-release.md | 89 +++--- 7 files changed, 395 insertions(+), 354 deletions(-) diff --git a/reports/ghaf-23.06/data.csv b/reports/ghaf-23.06/data.csv index 656f193..534acf6 100644 --- a/reports/ghaf-23.06/data.csv +++ b/reports/ghaf-23.06/data.csv @@ -6,23 +6,24 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-7x97-j373-85x5","https://osv.dev/GHSA-7x97-j373-85x5","electron","","25.1.1","27.0.0","27.1.3","electron","2023A1693958400","False","Nixpkgs fix PR: https://github.com/NixOS/nixpkgs/pull/251189.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46316","https://nvd.nist.gov/vuln/detail/CVE-2023-46316","traceroute","5.5","2.1.2","","","","2023A0000046316","False","","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.4","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.4","1.21.4","1.21.4","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" @@ -166,15 +167,15 @@ https://github.com/NixOS/nixpkgs/pull/261791" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.0","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.9","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.9","3.1.4","3.2.0","openssl","2023A0000005363","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-8","","","","2023A0000005156","False","","err_missing_repology_version","" @@ -189,35 +190,35 @@ https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127 https://github.com/NixOS/nixpkgs/pull/263150" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" @@ -278,13 +279,13 @@ https://github.com/NixOS/nixpkgs/pull/268185" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2828","https://nvd.nist.gov/vuln/detail/CVE-2023-2828","bind","7.5","9.18.14","9.18.20","9.18.20","bind","2023A0000002828","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/239161 https://github.com/NixOS/nixpkgs/pull/268185" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.0","8.1.2","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-1999","https://nvd.nist.gov/vuln/detail/CVE-2023-1999","libwebp","7.5","1.3.0","1.3.2","1.3.2","libwebp","2023A0000001999","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/255102 @@ -449,25 +450,28 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.2","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.12","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46316","https://nvd.nist.gov/vuln/detail/CVE-2023-46316","traceroute","5.5","2.1.2","","","","2023A0000046316","False","","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.4","1.21.4","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" @@ -488,7 +492,9 @@ https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/262718 https://github.com/NixOS/nixpkgs/pull/262738" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-43887","https://nvd.nist.gov/vuln/detail/CVE-2023-43887","libde265","8.1","1.0.12","1.0.12","1.0.14","libde265","2023A0000043887","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","" @@ -563,13 +569,13 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 @@ -579,35 +585,35 @@ https://github.com/NixOS/nixpkgs/pull/262808 https://github.com/NixOS/nixpkgs/pull/268612" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7","8.0.5","8.1.2","8.1.3","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" @@ -627,13 +633,13 @@ https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.2","8.1.3","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.2","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.2","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" diff --git a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md index 31fd3ea..fe5f049 100644 --- a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md @@ -109,10 +109,9 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-----------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | | -| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.1.1 | 27.0.0 | 27.1.3 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | @@ -139,17 +138,17 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270429)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270429)]* | | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.0 | 8.1.2 | 8.1.3 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.4 | 1.21.4 | 1.21.4 | | | [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | | @@ -162,7 +161,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-35790](https://nvd.nist.gov/vuln/detail/CVE-2023-35790) | libjxl | 7.5 | 0.8.1 | 0.8.2 | 0.8.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/237913), [PR](https://github.com/NixOS/nixpkgs/pull/238274)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.9 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.14 | 9.18.20 | 9.18.20 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/268185)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.0 | 8.1.2 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | @@ -179,7 +178,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.0.0 | 8.1.2 | 8.1.3 | | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.0 | 2.4.2 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | | [CVE-2023-39956](https://nvd.nist.gov/vuln/detail/CVE-2023-39956) | electron | 6.6 | 25.1.1 | 27.0.0 | 27.1.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/264191)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.12.1 | | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.12.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269060)]* | | [CVE-2023-41175](https://nvd.nist.gov/vuln/detail/CVE-2023-41175) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.10.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | @@ -202,7 +201,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 5.1.3 | 6.0 | 6.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.0 | 6.1 | | | [CVE-2023-46316](https://nvd.nist.gov/vuln/detail/CVE-2023-46316) | traceroute | 5.5 | 2.1.2 | | | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | | [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | @@ -228,12 +227,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25435](https://nvd.nist.gov/vuln/detail/CVE-2023-25435) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-25433](https://nvd.nist.gov/vuln/detail/CVE-2023-25433) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | | [CVE-2023-3576](https://nvd.nist.gov/vuln/detail/CVE-2023-3576) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-2908](https://nvd.nist.gov/vuln/detail/CVE-2023-2908) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2021-3933](https://nvd.nist.gov/vuln/detail/CVE-2021-3933) | openexr | 5.5 | 2.5.8 | 3.2.1 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/234754), [PR](https://github.com/NixOS/nixpkgs/pull/236043), [PR](https://github.com/NixOS/nixpkgs/pull/238270), [PR](https://github.com/NixOS/nixpkgs/pull/258729)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | @@ -246,13 +245,14 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817) | openssl | 5.3 | 3.0.9 | 3.1.4 | 3.2.0 | openssl LTS release 3.0.10 fixes the issue, nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/246579). *[[PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | | [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975) | openssl | 5.3 | 3.0.9 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243625), [PR](https://github.com/NixOS/nixpkgs/pull/243938), [PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 12.3.0 | 13.2.0 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.1 | 4.14.2 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/259826), [PR](https://github.com/NixOS/nixpkgs/pull/264349)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.2.1 | 23.3.1 | | | [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.1.1 | 27.0.0 | 27.1.3 | | diff --git a/reports/ghaf-23.09/data.csv b/reports/ghaf-23.09/data.csv index a137377..f857485 100644 --- a/reports/ghaf-23.09/data.csv +++ b/reports/ghaf-23.09/data.csv @@ -5,24 +5,27 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.2","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.12","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.7","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.7","1.21.4","1.21.4","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" @@ -47,7 +50,9 @@ https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/262718 https://github.com/NixOS/nixpkgs/pull/262738" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-43887","https://nvd.nist.gov/vuln/detail/CVE-2023-43887","libde265","8.1","1.0.12","1.0.12","1.0.14","libde265","2023A0000043887","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-43789","https://nvd.nist.gov/vuln/detail/CVE-2023-43789","libXpm","5.5","3.5.15","3.5.17","3.5.17","libxpm","2023A0000043789","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/258841 https://github.com/NixOS/nixpkgs/pull/258996" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-43788","https://nvd.nist.gov/vuln/detail/CVE-2023-43788","libXpm","5.5","3.5.15","3.5.17","3.5.17","libxpm","2023A0000043788","False","","err_not_vulnerable_based_on_repology","" @@ -143,15 +148,15 @@ https://github.com/NixOS/nixpkgs/pull/264349" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.10","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.10","3.1.4","3.2.0","openssl","2023A0000005363","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-8","","","","2023A0000005156","False","","err_missing_repology_version","" @@ -166,35 +171,35 @@ https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127 https://github.com/NixOS/nixpkgs/pull/263150" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" @@ -225,13 +230,13 @@ https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.4","8.1.2","8.1.3","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.4","8.1.2","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.4","8.1.2","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" @@ -406,24 +411,27 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.2","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.12","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.4","1.21.4","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" @@ -444,7 +452,9 @@ https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/262718 https://github.com/NixOS/nixpkgs/pull/262738" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-43887","https://nvd.nist.gov/vuln/detail/CVE-2023-43887","libde265","8.1","1.0.12","1.0.12","1.0.14","libde265","2023A0000043887","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","" @@ -522,13 +532,13 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 @@ -538,35 +548,35 @@ https://github.com/NixOS/nixpkgs/pull/262808 https://github.com/NixOS/nixpkgs/pull/268612" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7","8.0.5","8.1.2","8.1.3","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" @@ -586,13 +596,13 @@ https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.2","8.1.3","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.2","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.2","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" diff --git a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md index 1e1ea5d..ff28cd5 100644 --- a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md @@ -76,10 +76,9 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-----------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | | -| [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.7.0 | 27.0.0 | 27.1.3 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | @@ -98,23 +97,23 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 9.8 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/266382)]* | | [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) | libwebp | 8.8 | 1.3.1 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255339), [PR](https://github.com/NixOS/nixpkgs/pull/255786), [PR](https://github.com/NixOS/nixpkgs/pull/255959), [PR](https://github.com/NixOS/nixpkgs/pull/258217), [PR](https://github.com/NixOS/nixpkgs/pull/258430)]* | | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.0.4 | 8.1.2 | 8.1.3 | | -| [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.12 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131)]* | +| [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.12 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270429)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270429)]* | | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.4 | 8.1.2 | 8.1.3 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.7 | 1.21.4 | 1.21.4 | | | [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | | @@ -126,7 +125,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.4.0.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.20 | 9.18.20 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/268185)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.4 | 8.1.2 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | @@ -136,8 +135,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.0.4 | 8.1.2 | 8.1.3 | | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.0 | 2.4.6 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | -| [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.12 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.12.1 | | +| [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.12 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643)]* | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.12.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269060)]* | | [CVE-2023-41175](https://nvd.nist.gov/vuln/detail/CVE-2023-41175) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.10.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | @@ -155,7 +154,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/266382)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 5.1.3 | 6.0 | 6.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.0 | 6.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | | [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | @@ -176,10 +175,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.7 | 1.21.4 | 1.21.4 | | @@ -188,13 +187,14 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/266382)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.10 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 12.3.0 | 13.2.0 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.1 | 4.14.2 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/259826), [PR](https://github.com/NixOS/nixpkgs/pull/264349)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.2.1 | 23.3.1 | | | [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.7.0 | 27.0.0 | 27.1.3 | | diff --git a/reports/main/data.csv b/reports/main/data.csv index 11e5b71..5807787 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -3,24 +3,27 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.70.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.12","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.4","1.21.4","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" @@ -41,7 +44,9 @@ https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/262718 https://github.com/NixOS/nixpkgs/pull/262738" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-43887","https://nvd.nist.gov/vuln/detail/CVE-2023-43887","libde265","8.1","1.0.12","1.0.12","1.0.14","libde265","2023A0000043887","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","" @@ -120,15 +125,16 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-19","7.1.1-21","7.1.1.21","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 https://github.com/NixOS/nixpkgs/pull/261404 @@ -136,35 +142,35 @@ https://github.com/NixOS/nixpkgs/pull/262808 https://github.com/NixOS/nixpkgs/pull/268612" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7","8.0.5","8.1.2","8.1.3","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" @@ -184,13 +190,13 @@ https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.2","8.1.3","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.2","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.2","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" @@ -474,24 +480,27 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.70.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.12","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.20.8","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45284","https://nvd.nist.gov/vuln/detail/CVE-2023-45284","go","5.3","1.17.13-linux-amd64-bootstrap","1.21.4","1.21.4","go","2023A0000045284","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45283","https://nvd.nist.gov/vuln/detail/CVE-2023-45283","go","7.5","1.20.8","1.21.4","1.21.4","go","2023A0000045283","False","","err_not_vulnerable_based_on_repology","" @@ -512,7 +521,9 @@ https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/262718 https://github.com/NixOS/nixpkgs/pull/262738" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-43887","https://nvd.nist.gov/vuln/detail/CVE-2023-43887","libde265","8.1","1.0.12","1.0.12","1.0.14","libde265","2023A0000043887","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","" @@ -591,15 +602,16 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-19","7.1.1-21","7.1.1.21","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 https://github.com/NixOS/nixpkgs/pull/261404 @@ -607,35 +619,35 @@ https://github.com/NixOS/nixpkgs/pull/262808 https://github.com/NixOS/nixpkgs/pull/268612" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7","8.0.5","8.1.2","8.1.3","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" @@ -655,13 +667,13 @@ https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.2","8.1.3","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.2","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.2","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" @@ -945,32 +957,37 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.4","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.12","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","6.0","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/270429" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","go","7.5","1.21.0-linux-amd64-bootstrap","1.21.4","1.21.4","go","2023A0000044487","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262713 https://github.com/NixOS/nixpkgs/pull/262718 https://github.com/NixOS/nixpkgs/pull/262738" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-43887","https://nvd.nist.gov/vuln/detail/CVE-2023-43887","libde265","8.1","1.0.12","1.0.12","1.0.14","libde265","2023A0000043887","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/268884 -https://github.com/NixOS/nixpkgs/pull/269131" +https://github.com/NixOS/nixpkgs/pull/269131 +https://github.com/NixOS/nixpkgs/pull/271642 +https://github.com/NixOS/nixpkgs/pull/271643" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","" @@ -1012,6 +1029,7 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-25584","https://nvd.nist.gov/vuln/detail/CVE-2023-25584","binutils","7.1","2.40","2.40","2.41","binutils","2023A0000025584","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5341","https://nvd.nist.gov/vuln/detail/CVE-2023-5341","imagemagick","5.5","7.1.1-21","7.1.1-21","7.1.1.21","imagemagick","2023A0000005341","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 https://github.com/NixOS/nixpkgs/pull/261404 @@ -1301,18 +1319,19 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","120.0","121.0b4","120.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","nghttp2","7.5","1.51.0","1.57.0","1.58.0","nghttp2","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262713 @@ -1343,57 +1362,57 @@ https://github.com/NixOS/nixpkgs/pull/264349" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.3.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" @@ -1437,18 +1456,19 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.10.4","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-44487","https://nvd.nist.gov/vuln/detail/CVE-2023-44487","nghttp2","7.5","1.51.0","1.57.0","1.58.0","nghttp2","2023A0000044487","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259329 https://github.com/NixOS/nixpkgs/pull/262022 https://github.com/NixOS/nixpkgs/pull/262713 @@ -1479,57 +1499,57 @@ https://github.com/NixOS/nixpkgs/pull/264349" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2138","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2048","9.0.2143","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/261952 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.3.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" @@ -1574,18 +1594,19 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.4","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048237","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048236","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048235","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048234","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048233","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048232","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000048231","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048237","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048236","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048235","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048234","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048233","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048232","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000048231","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2048","9.0.2138","vim","2023A0000046246","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2048","9.0.2143","vim","2023A0000046246","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.11.5","2.12.1","libxml2","2023A0000045322","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269060" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42366","https://nvd.nist.gov/vuln/detail/CVE-2023-42366","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042366","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42365","https://nvd.nist.gov/vuln/detail/CVE-2023-42365","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042365","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-42364","https://nvd.nist.gov/vuln/detail/CVE-2023-42364","busybox","5.5","1.36.1","1.36.1","1.36.1","busybox","2023A0000042364","False","","fix_not_available","" diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index 2532369..61b4258 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/1f31a530d39a52abfa37a72520687370515c8ced. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/d66ba54ac7e7401b5d0d8b29024a0bf44246e1c5. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -41,22 +41,22 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | vuln_id | package | severity | version_local | nix_unstable | upstream | comment | |-------------------------------------------------------------------|------------|------------|-----------------|----------------|------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.1 | 4.14.2 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/259826), [PR](https://github.com/NixOS/nixpkgs/pull/264349)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.2.1 | 23.3.1 | | @@ -70,9 +70,9 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-----------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | @@ -87,26 +87,26 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base |-------------------------------------------------------------------|------------|------------|------------------|------------------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.2.13 | 1.3 | 1.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-45 | | | | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.1 | 5.2.1 | | | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.12.1 | | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.12.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269060)]* | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | | | [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.37-45 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -115,20 +115,21 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 12.3.0 | 13.2.0 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.1 | 4.14.2 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/259826), [PR](https://github.com/NixOS/nixpkgs/pull/264349)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.2.1 | 23.3.1 | | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index 81c7165..1c88f88 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/1f31a530d39a52abfa37a72520687370515c8ced. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/d66ba54ac7e7401b5d0d8b29024a0bf44246e1c5. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -44,30 +44,30 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 9.8 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/266382)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.20.8 | 1.21.4 | 1.21.4 | | | [CVE-2023-45283](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) | go | 7.5 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.8 | 1.21.4 | 1.21.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.5 | 8.1.2 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | | [CVE-2023-4135](https://nvd.nist.gov/vuln/detail/CVE-2023-4135) | qemu | 6.5 | 8.0.5 | 8.1.2 | 8.1.3 | Fixed upstream in 8.1.0. *[[PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | | [CVE-2023-3180](https://nvd.nist.gov/vuln/detail/CVE-2023-3180) | qemu | 6.5 | 8.0.5 | 8.1.2 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | | [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.5 | 1.23.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261113), [PR](https://github.com/NixOS/nixpkgs/pull/269556), [PR](https://github.com/NixOS/nixpkgs/pull/270154)]* | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.8 | 1.21.4 | 1.21.4 | | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.21.4 | 1.21.4 | | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | @@ -89,9 +89,10 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-----------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-------------|------------|-----------------|----------------|------------|-----------| +| [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-19 | 7.1.1-21 | 7.1.1.21 | | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | @@ -121,21 +122,21 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9827](https://nvd.nist.gov/vuln/detail/CVE-2014-9827) | imagemagick | 8.8 | 7.1.1-19 | 7.1.1-21 | 7.1.1.21 | | | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.0.5 | 8.1.2 | 8.1.3 | | | [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 120.0 | 121.0b4 | 120.0.1 | | -| [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.12 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131)]* | +| [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.12 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402), [PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270429)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270429)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.5 | 8.1.2 | 8.1.3 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2019-5443](https://nvd.nist.gov/vuln/detail/CVE-2019-5443) | curl | 7.8 | 0.4.44 | | | | | [CVE-2017-5510](https://nvd.nist.gov/vuln/detail/CVE-2017-5510) | imagemagick | 7.8 | 7.1.1-19 | 7.1.1-21 | 7.1.1.21 | | @@ -158,7 +159,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-28450](https://nvd.nist.gov/vuln/detail/CVE-2023-28450) | dnsmasq | 7.5 | 2.89 | 2.89 | 2.89 | | | [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-45 | | | | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.5 | 8.1.2 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | | [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/264177)]* | @@ -171,8 +172,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.1 | 5.2.1 | | | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7 | 8.0.5 | 8.1.2 | 8.1.3 | | -| [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.12 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131)]* | -| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.12.1 | | +| [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.12 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643)]* | +| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.12.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269060)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.10.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.42.2 | 0.42.2 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.5.1 | 4.6.0 | 4.6.0 | | @@ -222,7 +223,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 5.1.3 | 6.0 | 6.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.0 | 6.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -238,9 +239,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2138 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5341](https://nvd.nist.gov/vuln/detail/CVE-2023-5341) | imagemagick | 5.5 | 7.1.1-19 | 7.1.1-21 | 7.1.1.21 | | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2048 | 9.0.2143 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/261952), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-19 | 7.1.1-21 | 7.1.1.21 | | | [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-19 | 7.1.1-21 | 7.1.1.21 | | @@ -268,13 +270,14 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0 | 121.0b4 | 120.0.1 | | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 12.3.0 | 13.2.0 | | | [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0 | 121.0b4 | 120.0.1 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2138 | | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2048 | 9.0.2143 | | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* |