Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Apr 10, 2024
1 parent 634e870 commit 656c943
Showing 7 changed files with 318 additions and 2,136 deletions.
66 changes: 33 additions & 33 deletions reports/ghaf-23.12/data.csv

Large diffs are not rendered by default.

1,524 changes: 34 additions & 1,490 deletions reports/ghaf-24.03/data.csv

Large diffs are not rendered by default.

382 changes: 13 additions & 369 deletions reports/main/data.csv

Large diffs are not rendered by default.

Expand Up @@ -101,8 +101,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.1.5 | 8.2.2 | 8.2.2 | |
| [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 123.0.1 | 124.0.2 | 124.0.2 | |
| [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-arm | 1.22.1 | 1.22.2 | |
| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xorg-server | 7.8 | 21.1.11 | 21.1.12 | 21.1.12 | |
| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* |
| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xorg-server | 7.8 | 21.1.11 | 21.1.12 | 21.1.12 | *[[PR](https://github.com/NixOS/nixpkgs/pull/302930)]* |
| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0296 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* |
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* |
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* |
| [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* |
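
Review bot: the new xorg-server row for CVE-2024-31083 links NixOS/nixpkgs PR 302930 without saying whether that PR is merged or which branch it targets, while the same row already shows 21.1.12 in both the nix_unstable and upstream columns (column names as in the table header shown later in this commit) against 21.1.11 locally. With the newer version already in nix_unstable, a bare `[PR]` link does not tell the reader whether the fix is still pending or only needs to be pulled into the local pin. Consider having the report generator append the PR state and target branch to the comment cell.
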
Expand Down Expand Up @@ -262,7 +262,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 9.5.0 | 13.2.0 | 13.2.0 | |
| [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | |
| [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 123.0.1 | 124.0.2 | 124.0.2 | |
| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* |
| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0296 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* |
| [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* |
| [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* |
| [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* |
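
Review bot: the only change in this hunk is the upstream cell of the CVE-2023-48706 vim row moving from 9.1.0283 to 9.1.0296; the local version (9.0.2116), the nix_unstable version (9.1.0148) and both PR links are identical before and after, so the row's triage status has not changed. In an automatically committed report, upstream-only bumps like this add diff noise that makes real changes, such as a newly linked PR, harder to spot in review. Consider regenerating a row only when version_local, nix_unstable or the comment changes, or tracking the upstream version outside the committed table.
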
Expand Up @@ -30,7 +30,7 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla

| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xwayland | 7.8 | 23.2.4 | 23.2.5 | 23.2.6 | |
| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xwayland | 7.8 | 23.2.4 | 23.2.5 | 23.2.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/302930)]* |
| [CVE-2024-31081](https://nvd.nist.gov/vuln/detail/CVE-2024-31081) | xwayland | 7.3 | 23.2.4 | 23.2.5 | 23.2.6 | |
| [CVE-2024-31080](https://nvd.nist.gov/vuln/detail/CVE-2024-31080) | xwayland | 7.3 | 23.2.4 | 23.2.5 | 23.2.6 | |
| [CVE-2023-40660](https://nvd.nist.gov/vuln/detail/CVE-2023-40660) | opensc | 6.6 | 0.23.0 | 0.25.0 | 0.25.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/273975), [PR](https://github.com/NixOS/nixpkgs/pull/293711), [PR](https://github.com/NixOS/nixpkgs/pull/293788), [PR](https://github.com/NixOS/nixpkgs/pull/301842)]* |
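
Review bot: the PR link is added only to the CVE-2024-31083 xwayland row, while the two rows directly below it, CVE-2024-31081 and CVE-2024-31080, list the same package with identical versions (23.2.4 / 23.2.5 / 23.2.6) and keep an empty comment. If NixOS/nixpkgs PR 302930 is a version bump for xwayland, it would address all three rows, which suggests the PR lookup matches on the CVE id alone. Consider also matching on package and target version, or checking by hand whether the PR covers the sibling CVEs and linking it on those rows too.
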
Expand Down Expand Up @@ -135,9 +135,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2022-37966](https://nvd.nist.gov/vuln/detail/CVE-2022-37966) | samba | 8.1 | 4.19.2 | 4.20.0 | 4.20.0 | |
| [CVE-2022-4428](https://nvd.nist.gov/vuln/detail/CVE-2022-4428) | warp | 8.0 | 3.3.25-r1.cabal | 3.4.0 | | |
| [CVE-2022-4428](https://nvd.nist.gov/vuln/detail/CVE-2022-4428) | warp | 8.0 | 3.3.25 | 3.4.0 | | |
| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xwayland | 7.8 | 23.2.4 | 23.2.5 | 23.2.6 | |
| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xorg-server | 7.8 | 21.1.11 | 21.1.12 | 21.1.12 | |
| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* |
| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xwayland | 7.8 | 23.2.4 | 23.2.5 | 23.2.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/302930)]* |
| [CVE-2024-31083](https://nvd.nist.gov/vuln/detail/CVE-2024-31083) | xorg-server | 7.8 | 21.1.11 | 21.1.12 | 21.1.12 | *[[PR](https://github.com/NixOS/nixpkgs/pull/302930)]* |
| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0296 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* |
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* |
| [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1.1 | 7.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* |
| [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* |
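
Review bot: the same PR, NixOS/nixpkgs 302930, is now attached to two different packages in this hunk, xwayland (23.2.4) and xorg-server (21.1.11), and nothing in the table confirms that it changes both. Please verify that the PR updates each package to the version listed under nix_unstable (23.2.5 and 21.1.12 respectively); if it only touches one of them, the other row's comment cell is misleading and should stay empty until a matching PR exists.
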
Expand Down Expand Up @@ -354,7 +354,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.8 | 1.22.1 | 1.22.2 | |
| [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.22.1 | 1.22.2 | |
| [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | |
| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0283 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* |
| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0296 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* |
| [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5-r5.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* |
| [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* |
| [CVE-2022-28873](https://nvd.nist.gov/vuln/detail/CVE-2022-28873) | safe | 4.3 | 0.3.19 | 0.3.21 | 0.3.21 | |
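
Review bot: the context rows right after the changed vim line attribute CVE-2023-25000 to a package named vault with local version 0.3.1.5-r5.cabal; the .cabal suffix points to a Haskell library, so this looks like a match on package name rather than a confirmed affected component. The heading above this table already links manual_analysis.csv for whitelisting possible false positives; consider triaging the two vault rows there so they stop reappearing in each automatic update. The vim change itself only moves the upstream version from 9.1.0283 to 9.1.0296.
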