Commit

Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Feb 2, 2024
1 parent 4831bda commit 533ff8e
Showing 7 changed files with 97 additions and 93 deletions.
6 changes: 4 additions & 2 deletions reports/ghaf-23.09/data.csv
Expand Up @@ -231,7 +231,8 @@ https://github.com/NixOS/nixpkgs/pull/284489"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6683","https://nvd.nist.gov/vuln/detail/CVE-2023-6683","qemu","6.5","8.0.4","8.2.0","8.2.1","qemu","2023A0000006683","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6246","https://nvd.nist.gov/vuln/detail/CVE-2023-6246","glibc","7.8","2.37-8","2.38-27","2.39","glibc","2023A0000006246","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/285050
https://github.com/NixOS/nixpkgs/pull/285329"
https://github.com/NixOS/nixpkgs/pull/285329
https://github.com/NixOS/nixpkgs/pull/285587"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6228","https://nvd.nist.gov/vuln/detail/CVE-2023-6228","libtiff","5.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006228","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.10","3.2.0","3.2.1","openssl","2023A0000006129","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/285019
https://github.com/NixOS/nixpkgs/pull/285027"
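Review bot: The last field of the CVE-2023-6246 row now holds three newline-separated URLs inside one quoted CSV value, so adding a single PR rewrites the line that carries the closing quote (`https://github.com/NixOS/nixpkgs/pull/285329"` turns into two lines) and the record spans three physical lines. Any line-oriented consumer of data.csv (grep, line counts, a split on newlines) sees fragments instead of rows. Consider joining the links with a single-line separator such as `;`, or state next to the file that it must be read with a CSV parser that honours quoted newlines.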
Expand Down Expand Up @@ -686,7 +687,8 @@ https://github.com/NixOS/nixpkgs/pull/284489"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6683","https://nvd.nist.gov/vuln/detail/CVE-2023-6683","qemu","6.5","8.0.5","8.2.0","8.2.1","qemu","2023A0000006683","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6246","https://nvd.nist.gov/vuln/detail/CVE-2023-6246","glibc","7.8","2.37-45","2.38-27","2.39","glibc","2023A0000006246","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/285050
https://github.com/NixOS/nixpkgs/pull/285329"
https://github.com/NixOS/nixpkgs/pull/285329
https://github.com/NixOS/nixpkgs/pull/285587"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6228","https://nvd.nist.gov/vuln/detail/CVE-2023-6228","libtiff","5.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006228","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6129","https://nvd.nist.gov/vuln/detail/CVE-2023-6129","openssl","6.5","3.0.12","3.2.0","3.2.1","openssl","2023A0000006129","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/285019
https://github.com/NixOS/nixpkgs/pull/285027"
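Review bot: The `lock_updated` row for CVE-2023-6246 still carries `fix_update_to_version_upstream` with a local version of `2.37-45`, and the row alone does not say whether any of the three linked PRs is already contained in that pinned revision. A reader triaging a 7.8 glibc issue needs that distinction, since a patch-level build of 2.37 can include a backport that a comparison against `2.38-27` / `2.39` will not see. Suggest recording the state of each linked PR (merged, and on which branch) or adding a field that says whether the fix is present in the locked input.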
Expand Up @@ -88,13 +88,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h

Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:


| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------|
| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.37-8 | 2.38-27 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* |
| [CVE-2023-52356](https://nvd.nist.gov/vuln/detail/CVE-2023-52356) | libtiff | 7.5 | 4.5.1 | 4.6.0 | 4.6.0 | |
| [CVE-2023-52355](https://nvd.nist.gov/vuln/detail/CVE-2023-52355) | libtiff | 7.5 | 4.5.1 | 4.6.0 | 4.6.0 | |

```No vulnerabilities```


## All Vulnerabilities Impacting Ghaf
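Review bot: All three rows of this section (CVE-2023-6246 glibc 7.8, CVE-2023-52356 and CVE-2023-52355 libtiff 7.5) are dropped in favour of ```No vulnerabilities```, and nothing in the commit records why they no longer qualify. CVE-2023-6246 is still listed with `version_local` 2.37-8 in the "All Vulnerabilities Impacting Ghaf" table touched by the same commit, so the finding is not gone, only re-categorised. For an automated update, the commit message or the report should state the reason a row left this section (whitelisted, fix now in nix_unstable, scanner data change), so a silent disappearance can be told apart from a real resolution. The "Consider whitelisting ..." lead-in also reads oddly above an empty result and could be omitted when the table is empty.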
Expand Down Expand Up @@ -126,7 +120,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* |
| [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* |
| [CVE-2023-42915](https://nvd.nist.gov/vuln/detail/CVE-2023-42915) | curl | 7.8 | 8.1.1 | 8.5.0 | 8.6.0 | |
| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.37-8 | 2.38-27 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329)]* |
| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.37-8 | 2.38-27 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/285587)]* |
| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.1.0004 | 9.1.0067 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276595), [PR](https://github.com/NixOS/nixpkgs/pull/284984)]* |
| [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/285019)]* |
| [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* |
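Review bot: The context at the end of this hunk shows CVE-2023-4807 (openssl, `version_local` 3.0.10) twice, once with upstream 3.2.1 and five PR links and once with upstream 3.2.0 and four, which suggests the generator does not de-duplicate on vuln_id, package and local version. If the two rows come from different targets, a target column would make that clear; otherwise the rows should be merged and the PR lists unioned. On the changed glibc row, the three links are all labelled `PR`, so they cannot be told apart without hovering; using the PR number as the link text would help.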