diff --git a/reports/ghaf-23.06/data.csv b/reports/ghaf-23.06/data.csv
index dae412b..66cb9e5 100644
--- a/reports/ghaf-23.06/data.csv
+++ b/reports/ghaf-23.06/data.csv
@@ -97,14 +97,14 @@ https://github.com/NixOS/nixpkgs/pull/255959" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004781","False","Backport nixpkgs PR 
https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","2.37-8","2.38","glibc","2023A0000004527","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.8","2.4.2","2.4.6","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/256378 https://github.com/NixOS/nixpkgs/pull/257637" 
@@ -149,9 +149,9 @@ https://github.com/NixOS/nixpkgs/pull/256469" https://github.com/NixOS/nixpkgs/pull/256396 https://github.com/NixOS/nixpkgs/pull/256469" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.0","8.1.1","8.1.1","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002610","False","Backport nixpkgs PR 
https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-1999","https://nvd.nist.gov/vuln/detail/CVE-2023-1999","libwebp","7.5","1.3.0","1.3.2","1.3.2","libwebp","2023A0000001999","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/255102 https://github.com/NixOS/nixpkgs/pull/255169" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-1916","https://nvd.nist.gov/vuln/detail/CVE-2023-1916","libtiff","6.1","4.5.0","4.5.1","4.6.0","tiff","2023A0000001916","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/239544 
@@ -199,9 +199,9 @@ https://github.com/NixOS/nixpkgs/pull/239595" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-1168","https://osv.dev/OSV-2022-1168","gstreamer","","1.22.3","1.22.5","1.22.6","gstreamer","2022A0000001168","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.66","5.69","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.66","5.70","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.5","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.66","5.69","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.66","5.70","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","5.6.3","5.6.3","wolfssl","2022A0000000842","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.1","0.8.2","0.8.2","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
@@ -371,14 +371,14 @@ https://github.com/NixOS/nixpkgs/pull/232535" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004781","False","Backport nixpkgs PR 
https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","2.37-8","2.38","glibc","2023A0000004527","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.8","2.4.6","2.4.6","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/256378 https://github.com/NixOS/nixpkgs/pull/257637" 
@@ -391,9 +391,9 @@ https://github.com/NixOS/nixpkgs/pull/256150" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-3180","https://nvd.nist.gov/vuln/detail/CVE-2023-3180","qemu","6.5","8.0.5","8.1.1","8.1.1","qemu","2023A0000003180","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.1","8.1.1","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.1","8.1.1","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.1","8.1.1","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.44","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
@@ -446,9 +446,9 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-2880","https://nvd.nist.gov/vuln/detail/CVE-2022-2880","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002880","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.66","5.69","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.66","5.70","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.5","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.66","5.69","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.66","5.70","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","5.6.3","5.6.3","wolfssl","2022A0000000842","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.8.2","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" diff --git a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md index 6a7010b..3cb9b17 100644 --- a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md 
@@ -115,16 +115,16 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.1.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.8 | 2.4.2 | 2.4.6 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.0 | 8.1.1 | 8.1.1 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2023-39533](https://nvd.nist.gov/vuln/detail/CVE-2023-39533) | go | 7.5 | 1.20.4 | 1.21.1 | 1.21.1 | It's unclear if the vulnerable go pacakge 'go-libp2p' is actually used by anything Ghaf depends-on. The issue is included here, since NVD CPE refers go compiler 'golang:go' up to version 1.20.6. As soon as the nixpkgs PR that updates to go 1.20.7 ([link](https://github.com/NixOS/nixpkgs/pull/246663)) is in Ghaf, this issue should no longer be included in the reports. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/253738)]* | | [CVE-2023-39533](https://nvd.nist.gov/vuln/detail/CVE-2023-39533) | go | 7.5 | 1.17.13-linux-am | 1.21.1 | 1.21.1 | It's unclear if the vulnerable go pacakge 'go-libp2p' is actually used by anything Ghaf depends-on. The issue is included here, since NVD CPE refers go compiler 'golang:go' up to version 1.20.6. As soon as the nixpkgs PR that updates to go 1.20.7 ([link](https://github.com/NixOS/nixpkgs/pull/246663)) is in Ghaf, this issue should no longer be included in the reports. *[[PR](https://github.com/NixOS/nixpkgs/pull/253738)]* | 
@@ -173,8 +173,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25433](https://nvd.nist.gov/vuln/detail/CVE-2023-25433) | libtiff | 5.5 | 4.5.0 | 4.5.1 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/239595)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150)]* | | [CVE-2023-2908](https://nvd.nist.gov/vuln/detail/CVE-2023-2908) | libtiff | 5.5 | 4.5.0 | 4.5.1 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/239595)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | | [CVE-2021-3933](https://nvd.nist.gov/vuln/detail/CVE-2021-3933) | openexr | 5.5 | 2.5.8 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/234754), [PR](https://github.com/NixOS/nixpkgs/pull/236043), [PR](https://github.com/NixOS/nixpkgs/pull/238270), [PR](https://github.com/NixOS/nixpkgs/pull/254764)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.42.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | 
@@ -193,9 +193,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.0.0 | 8.1.1 | 8.1.1 | Unclear if this is still valid. | | [OSV-2023-101](https://osv.dev/OSV-2023-101) | qemu | | 8.0.0 | 8.1.1 | 8.1.1 | Fixed in qemu 8.0.4: [link](https://github.com/NixOS/nixpkgs/pull/248659). | | [OSV-2022-1168](https://osv.dev/OSV-2022-1168) | gstreamer | | 1.22.3 | 1.22.5 | 1.22.6 | | -| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.66 | 5.66 | 5.69 | Unclear if this is still valid. | +| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.66 | 5.66 | 5.70 | Unclear if this is still valid. | | [OSV-2022-896](https://osv.dev/OSV-2022-896) | libsass | | 3.6.5 | 3.6.5 | 3.6.5 | Unclear if this is still valid. | -| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.66 | 5.66 | 5.69 | Unclear if this is still valid. | +| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.66 | 5.66 | 5.70 | Unclear if this is still valid. | | [OSV-2022-842](https://osv.dev/OSV-2022-842) | wolfssl | | 5.5.4 | 5.6.3 | 5.6.3 | Unclear if this is still valid. | | [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.1 | 0.8.2 | 0.8.2 | Unclear if this is still valid. | | [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.1 | 0.8.2 | 0.8.2 | Unclear if this is still valid. | diff --git a/reports/main/data.csv b/reports/main/data.csv index c563c9b..973fd03 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv 
@@ -3,8 +3,6 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-40360","https://nvd.nist.gov/vuln/detail/CVE-2023-40360","qemu","5.5","8.0.4","8.1.1","8.1.1","qemu","2023A0000040360","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/251154 -https://github.com/NixOS/nixpkgs/pull/256632" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39533","https://nvd.nist.gov/vuln/detail/CVE-2023-39533","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.1","go","2023A0000039533","False","It's unclear if the vulnerable go pacakge 'go-libp2p' is actually used by anything Ghaf depends-on. The issue is included here, since NVD CPE refers go compiler 'golang:go' up to version 1.20.6. As soon as the nixpkgs PR that updates to go 1.20.7 (https://github.com/NixOS/nixpkgs/pull/246663) is in Ghaf, this issue should no longer be included in the reports.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/253738" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.1","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/253738" 
@@ -62,37 +60,33 @@ https://github.com/NixOS/nixpkgs/pull/232535" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 
once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","2.37-8","2.38","glibc","2023A0000004527","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.8","2.4.6","2.4.6","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/256378 https://github.com/NixOS/nixpkgs/pull/257637" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4236","https://nvd.nist.gov/vuln/detail/CVE-2023-4236","bind","7.5","9.18.16","9.18.19","9.18.19","bind","2023A0000004236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256396 -https://github.com/NixOS/nixpkgs/pull/256469" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.0.4","8.1.1","8.1.1","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.0.5","8.1.1","8.1.1","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","4.6.4","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","5.5","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. 
Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3603","https://nvd.nist.gov/vuln/detail/CVE-2023-3603","libssh","6.5","0.10.5","","","","2023A0000003603","True","Based on https://security-tracker.debian.org/tracker/CVE-2023-3603 and https://bugzilla.redhat.com/show_bug.cgi?id=2221791, vulnerable code is not present in 0.10.5 or any currently released version.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3354","https://nvd.nist.gov/vuln/detail/CVE-2023-3354","qemu","7.5","8.0.4","8.1.1","8.1.1","qemu","2023A0000003354","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3341","https://nvd.nist.gov/vuln/detail/CVE-2023-3341","bind","7.5","9.18.16","9.18.19","9.18.19","bind","2023A0000003341","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256396 -https://github.com/NixOS/nixpkgs/pull/256469" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3180","https://nvd.nist.gov/vuln/detail/CVE-2023-3180","qemu","6.5","8.0.4","8.1.1","8.1.1","qemu","2023A0000003180","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f. 
Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.4","8.1.1","8.1.1","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.4","8.1.1","8.1.1","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.4","8.1.1","8.1.1","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3354","https://nvd.nist.gov/vuln/detail/CVE-2023-3354","qemu","7.5","8.0.5","8.1.1","8.1.1","qemu","2023A0000003354","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3180","https://nvd.nist.gov/vuln/detail/CVE-2023-3180","qemu","6.5","8.0.5","8.1.1","8.1.1","qemu","2023A0000003180","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f. 
Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.1","8.1.1","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.1","8.1.1","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.1","8.1.1","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.44","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-390","https://osv.dev/OSV-2023-390","qemu","","8.0.4","8.1.1","8.1.1","qemu","2023A0000000390","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-390","https://osv.dev/OSV-2023-390","qemu","","8.0.5","8.1.1","8.1.1","qemu","2023A0000000390","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-184","https://osv.dev/OSV-2023-184","libraw","","0.21.1","0.21.1","0.21.1","libraw","2023A0000000184","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-137","https://osv.dev/OSV-2023-137","harfbuzz","","7.2.0","","","","2023A0000000137","True","Based on 
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2, the issue is fixed in range https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc all of which have been merged in 7.1.0.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-90","https://osv.dev/OSV-2023-90","libraw","","0.21.1","0.21.1","0.21.1","libraw","2023A0000000090","False","","err_not_vulnerable_based_on_repology","" 
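Review bot: The rows for CVE-2023-3354 and CVE-2023-3180 in reports/main/data.csv now list qemu 8.0.5, but their triage text still reads "Fixed in 8.0.4" and the flag after the sort key is still "False", so both appear to remain open findings against a version that should already contain the fix. If the 8.0.4 fix is confirmed to be in the 8.0.5 build, mark them the way the other triaged rows are marked, e.g. `"2023A0000003354","True","Fixed in 8.0.4: …"`. This file looks regenerated by the scan, so the change probably belongs in manual_analysis.csv rather than in this hunk. The meaning of the True/False column is inferred from rows whose comment explains a false positive, so confirm it before changing anything.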
@@ -136,7 +130,7 @@ https://github.com/NixOS/nixpkgs/pull/170659"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-26691","https://nvd.nist.gov/vuln/detail/CVE-2022-26691","cups","6.7","2.4.6","","","","2022A0000026691","True","Fixed in nixpkgs with PR: https://github.com/NixOS/nixpkgs/pull/174898.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-26592","https://nvd.nist.gov/vuln/detail/CVE-2022-26592","libsass","8.8","3.6.5","","","","2022A0000026592","True","Pending upstream fix: https://github.com/sass/libsass/issues/3174.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","MAL-2022-4301","https://osv.dev/MAL-2022-4301","libidn2","","2.3.4","","","","2022A0000004301","True","Incorrect package: Issue refers npm libidn2, whereas, nixpkgs refers libidn2 https://gitlab.com/libidn/libidn2.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-4066","https://nvd.nist.gov/vuln/detail/CVE-2022-4066","firefox","8.2","117.0.1","118.0b9","118.0.1","firefox","2022A0000004066","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-4066","https://nvd.nist.gov/vuln/detail/CVE-2022-4066","firefox","8.2","118.0","118.0b9","118.0.1","firefox","2022A0000004066","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-3965","https://nvd.nist.gov/vuln/detail/CVE-2022-3965","ffmpeg","8.1","5.1.3","","","","2022A0000003965","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 5.1.x is merged in 5.1.3 https://github.com/FFmpeg/FFmpeg/commit/7c234248f859baa35e55c3dbbb7a359eae1c5257.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-3964","https://nvd.nist.gov/vuln/detail/CVE-2022-3964","ffmpeg","8.1","5.1.3","","","","2022A0000003964","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/ad28b01a141703b831256b712e0613281b15fcf0.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-3964","https://nvd.nist.gov/vuln/detail/CVE-2022-3964","ffmpeg","8.1","4.4.4","","","","2022A0000003964","True","Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 https://github.com/FFmpeg/FFmpeg/commit/ad28b01a141703b831256b712e0613281b15fcf0.","err_missing_repology_version",""
@@ -146,15 +140,15 @@ https://github.com/NixOS/nixpkgs/pull/170659"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-2880","https://nvd.nist.gov/vuln/detail/CVE-2022-2880","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002880","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.66","5.69","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.66","5.70","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.5","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.66","5.69","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.66","5.70","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","5.6.3","5.6.3","wolfssl","2022A0000000842","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.1","0.21.1","0.21.1","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-725","https://osv.dev/OSV-2022-725","libjxl","","0.8.2","0.8.2","0.8.2","libjxl","2022A0000000725","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-608","https://osv.dev/OSV-2022-608","libjxl","","0.8.2","0.8.2","0.8.2","libjxl","2022A0000000608","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-581","https://osv.dev/OSV-2022-581","qemu","","8.0.4","8.1.1","8.1.1","qemu","2022A0000000581","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-581","https://osv.dev/OSV-2022-581","qemu","","8.0.5","8.1.1","8.1.1","qemu","2022A0000000581","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-416","https://osv.dev/OSV-2022-416","openjpeg","","2.5.0","","","","2022A0000000416","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47500#c2.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-394","https://osv.dev/OSV-2022-394","opencv","","4.7.0","4.7.0","4.8.1","opencv","2022A0000000394","False","No attention from upstream: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47190.","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2022-193","https://osv.dev/OSV-2022-193","w3m","","0.5.3+git20230121","0.5.3+git20230121","0.5.3+git20230121","w3m","2022A0000000193","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
@@ -186,12 +180,12 @@ https://github.com/NixOS/nixpkgs/pull/170659"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-23215","https://nvd.nist.gov/vuln/detail/CVE-2021-23215","openexr","5.5","2.5.8","","","","2021A0000023215","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d which went to 2.5.5.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-23169","https://nvd.nist.gov/vuln/detail/CVE-2021-23169","openexr","8.8","2.5.8","","","","2021A0000023169","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-21684","https://nvd.nist.gov/vuln/detail/CVE-2021-21684","git","6.1","2.40.1","","","","2021A0000021684","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-20255","https://nvd.nist.gov/vuln/detail/CVE-2021-20255","qemu","5.5","8.0.4","","","","2021A0000020255","True","Upstream patch not merged: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html. No point fixing this in nixpkgs as long as it is not fixed upstream.","err_missing_repology_version",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-20255","https://nvd.nist.gov/vuln/detail/CVE-2021-20255","qemu","5.5","8.0.5","","","","2021A0000020255","True","Upstream patch not merged: https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html. No point fixing this in nixpkgs as long as it is not fixed upstream.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-4336","https://nvd.nist.gov/vuln/detail/CVE-2021-4336","ninja","9.8","1.11.1","","","","2021A0000004336","True","Incorrect package: nixpkgs 'ninja' refers https://github.com/ninja-build/ninja, not https://github.com/ITRS-Group/monitor-ninja.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-4217","https://nvd.nist.gov/vuln/detail/CVE-2021-4217","unzip","3.3","6.0","","","","2021A0000004217","True","Ignored by other distribution as 'no security impact', e.g. Debian: https://security-tracker.debian.org/tracker/CVE-2021-4217.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-3605","https://nvd.nist.gov/vuln/detail/CVE-2021-3605","openexr","5.5","2.5.8","","","","2021A0000003605","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.8","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-820","https://osv.dev/OSV-2021-820","qemu","","8.0.4","","","","2021A0000000820","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2.","err_missing_repology_version",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-820","https://osv.dev/OSV-2021-820","qemu","","8.0.5","","","","2021A0000000820","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-777","https://osv.dev/OSV-2021-777","libxml2","","2.10.4","","","","2021A0000000777","True","Fixed by https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325, which went to 2.9.13. Therefore, this issue is fixed in 2.10.4.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-594","https://osv.dev/OSV-2021-594","libheif","","1.15.2","1.15.2","1.16.2","libheif","2021A0000000594","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.5","3.6.5","3.6.5","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology",""
@@ -229,34 +223,34 @@ https://github.com/NixOS/nixpkgs/pull/84664"
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-14559","https://nvd.nist.gov/vuln/detail/CVE-2019-14559","edk2","7.5","202211","","","","2019A0000014559","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-14553","https://nvd.nist.gov/vuln/detail/CVE-2019-14553","edk2","4.9","202211","","","","2019A0000014553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-12749","https://nvd.nist.gov/vuln/detail/CVE-2019-12749","dbus","7.1","1","","","","2019A0000012749","True","Fixed with https://github.com/NixOS/nixpkgs/pull/63021 (dbus version '1' in nixpkgs currently refers 1.14.8).","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-12067","https://nvd.nist.gov/vuln/detail/CVE-2019-12067","qemu","6.5","8.0.4","","","","2019A0000012067","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-6470","https://nvd.nist.gov/vuln/detail/CVE-2019-6470","bind","7.5","9.18.16","","","","2019A0000006470","True","Not valid: https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606.","err_missing_repology_version",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-12067","https://nvd.nist.gov/vuln/detail/CVE-2019-12067","qemu","6.5","8.0.5","","","","2019A0000012067","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-6470","https://nvd.nist.gov/vuln/detail/CVE-2019-6470","bind","7.5","9.18.19","","","","2019A0000006470","True","Not valid: https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-6462","https://nvd.nist.gov/vuln/detail/CVE-2019-6462","cairo","6.5","1.16.0","","","","2019A0000006462","True","Not a valid: https://github.com/NixOS/nixpkgs/pull/218039#issuecomment-1445460129.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-6461","https://nvd.nist.gov/vuln/detail/CVE-2019-6461","cairo","6.5","1.16.0","","","","2019A0000006461","True","Not valid: https://github.com/NixOS/nixpkgs/pull/218039#issuecomment-1445460129.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-6293","https://nvd.nist.gov/vuln/detail/CVE-2019-6293","flex","5.5","2.6.4","","","","2019A0000006293","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-5443","https://nvd.nist.gov/vuln/detail/CVE-2019-5443","curl","7.8","0.4.44","","","","2019A0000005443","False","","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-1000182","https://nvd.nist.gov/vuln/detail/CVE-2018-1000182","git","6.4","2.40.1","","","","2018A0001000182","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-1000110","https://nvd.nist.gov/vuln/detail/CVE-2018-1000110","git","5.3","2.40.1","","","","2018A0001000110","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-18438","https://nvd.nist.gov/vuln/detail/CVE-2018-18438","qemu","5.5","8.0.4","","","","2018A0000018438","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-18438","https://nvd.nist.gov/vuln/detail/CVE-2018-18438","qemu","5.5","8.0.5","","","","2018A0000018438","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-13410","https://nvd.nist.gov/vuln/detail/CVE-2018-13410","zip","9.8","3.0","","","","2018A0000013410","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-10229","https://nvd.nist.gov/vuln/detail/CVE-2018-10229","firefox","4.8","117.0.1","118.0b9","118.0.1","firefox","2018A0000010229","False","","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","117.0.1","118.0b9","118.0.1","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-10229","https://nvd.nist.gov/vuln/detail/CVE-2018-10229","firefox","4.8","118.0","118.0b9","118.0.1","firefox","2018A0000010229","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-8024","https://nvd.nist.gov/vuln/detail/CVE-2018-8024","firefox","5.4","118.0","118.0b9","118.0.1","firefox","2018A0000008024","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-7263","https://nvd.nist.gov/vuln/detail/CVE-2018-7263","libmad","9.8","0.15.1b","","","","2018A0000007263","True","Based on https://github.com/NixOS/nixpkgs/issues/57154, issue is fixed by https://github.com/NixOS/nixpkgs/commit/92edb0610923fab5a9dcc59b94652f1e8a5ea1ed.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-6553","https://nvd.nist.gov/vuln/detail/CVE-2018-6553","cups","8.8","2.4.6","","","","2018A0000006553","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.3","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.3","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5510","https://nvd.nist.gov/vuln/detail/CVE-2017-5510","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2017A0000005510","False","","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5509","https://nvd.nist.gov/vuln/detail/CVE-2017-5509","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2017A0000005509","False","","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5511","https://nvd.nist.gov/vuln/detail/CVE-2017-5511","imagemagick","9.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2017A0000005511","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5510","https://nvd.nist.gov/vuln/detail/CVE-2017-5510","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2017A0000005510","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5509","https://nvd.nist.gov/vuln/detail/CVE-2017-5509","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2017A0000005509","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5506","https://nvd.nist.gov/vuln/detail/CVE-2017-5506","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2017A0000005506","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2017-5436","https://nvd.nist.gov/vuln/detail/CVE-2017-5436","graphite2","8.8","1.3.14","","","","2017A0000005436","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10146","https://nvd.nist.gov/vuln/detail/CVE-2016-10146","imagemagick","7.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000010146","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10145","https://nvd.nist.gov/vuln/detail/CVE-2016-10145","imagemagick","9.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000010145","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10144","https://nvd.nist.gov/vuln/detail/CVE-2016-10144","imagemagick","9.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000010144","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10141","https://nvd.nist.gov/vuln/detail/CVE-2016-10141","mujs","9.8","1.3.3","","","","2016A0000010141","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10133","https://nvd.nist.gov/vuln/detail/CVE-2016-10133","mujs","9.8","1.3.3","","","","2016A0000010133","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10132","https://nvd.nist.gov/vuln/detail/CVE-2016-10132","mujs","7.5","1.3.3","","","","2016A0000010132","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-10062","https://nvd.nist.gov/vuln/detail/CVE-2016-10062","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000010062","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-9294","https://nvd.nist.gov/vuln/detail/CVE-2016-9294","mujs","7.5","1.3.3","","","","2016A0000009294","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-9136","https://nvd.nist.gov/vuln/detail/CVE-2016-9136","mujs","7.5","1.3.3","","","","2016A0000009136","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
 "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-9109","https://nvd.nist.gov/vuln/detail/CVE-2016-9109","mujs","7.5","1.3.3","","","","2016A0000009109","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version",""
@@ -264,38 +258,38 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-9017","https://nvd.nist.gov/vuln/detail/CVE-2016-9017","mujs","7.5","1.3.3","","","","2016A0000009017","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7564","https://nvd.nist.gov/vuln/detail/CVE-2016-7564","mujs","7.5","1.3.3","","","","2016A0000007564","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7563","https://nvd.nist.gov/vuln/detail/CVE-2016-7563","mujs","7.5","1.3.3","","","","2016A0000007563","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7537","https://nvd.nist.gov/vuln/detail/CVE-2016-7537","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007537","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7536","https://nvd.nist.gov/vuln/detail/CVE-2016-7536","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007536","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7535","https://nvd.nist.gov/vuln/detail/CVE-2016-7535","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007535","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7534","https://nvd.nist.gov/vuln/detail/CVE-2016-7534","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007534","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7533","https://nvd.nist.gov/vuln/detail/CVE-2016-7533","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007533","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7530","https://nvd.nist.gov/vuln/detail/CVE-2016-7530","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007530","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7529","https://nvd.nist.gov/vuln/detail/CVE-2016-7529","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007529","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7528","https://nvd.nist.gov/vuln/detail/CVE-2016-7528","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007528","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7527","https://nvd.nist.gov/vuln/detail/CVE-2016-7527","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007527","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7526","https://nvd.nist.gov/vuln/detail/CVE-2016-7526","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007526","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7525","https://nvd.nist.gov/vuln/detail/CVE-2016-7525","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007525","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7524","https://nvd.nist.gov/vuln/detail/CVE-2016-7524","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007524","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7523","https://nvd.nist.gov/vuln/detail/CVE-2016-7523","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007523","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7522","https://nvd.nist.gov/vuln/detail/CVE-2016-7522","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007522","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7521","https://nvd.nist.gov/vuln/detail/CVE-2016-7521","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007521","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7520","https://nvd.nist.gov/vuln/detail/CVE-2016-7520","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007520","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7519","https://nvd.nist.gov/vuln/detail/CVE-2016-7519","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007519","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7518","https://nvd.nist.gov/vuln/detail/CVE-2016-7518","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007518","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7517","https://nvd.nist.gov/vuln/detail/CVE-2016-7517","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007517","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7516","https://nvd.nist.gov/vuln/detail/CVE-2016-7516","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007516","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7515","https://nvd.nist.gov/vuln/detail/CVE-2016-7515","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007515","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7538","https://nvd.nist.gov/vuln/detail/CVE-2016-7538","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007538","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7537","https://nvd.nist.gov/vuln/detail/CVE-2016-7537","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007537","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7536","https://nvd.nist.gov/vuln/detail/CVE-2016-7536","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007536","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7535","https://nvd.nist.gov/vuln/detail/CVE-2016-7535","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007535","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7534","https://nvd.nist.gov/vuln/detail/CVE-2016-7534","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007534","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7533","https://nvd.nist.gov/vuln/detail/CVE-2016-7533","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007533","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7532","https://nvd.nist.gov/vuln/detail/CVE-2016-7532","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007532","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7531","https://nvd.nist.gov/vuln/detail/CVE-2016-7531","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007531","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7530","https://nvd.nist.gov/vuln/detail/CVE-2016-7530","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007530","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7529","https://nvd.nist.gov/vuln/detail/CVE-2016-7529","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007529","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7528","https://nvd.nist.gov/vuln/detail/CVE-2016-7528","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007528","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7527","https://nvd.nist.gov/vuln/detail/CVE-2016-7527","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007527","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7526","https://nvd.nist.gov/vuln/detail/CVE-2016-7526","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007526","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7525","https://nvd.nist.gov/vuln/detail/CVE-2016-7525","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007525","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7524","https://nvd.nist.gov/vuln/detail/CVE-2016-7524","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007524","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7523","https://nvd.nist.gov/vuln/detail/CVE-2016-7523","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007523","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7522","https://nvd.nist.gov/vuln/detail/CVE-2016-7522","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007522","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7521","https://nvd.nist.gov/vuln/detail/CVE-2016-7521","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007521","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7520","https://nvd.nist.gov/vuln/detail/CVE-2016-7520","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007520","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7519","https://nvd.nist.gov/vuln/detail/CVE-2016-7519","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007519","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7518","https://nvd.nist.gov/vuln/detail/CVE-2016-7518","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007518","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7517","https://nvd.nist.gov/vuln/detail/CVE-2016-7517","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007517","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7516","https://nvd.nist.gov/vuln/detail/CVE-2016-7516","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007516","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7515","https://nvd.nist.gov/vuln/detail/CVE-2016-7515","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007515","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7514","https://nvd.nist.gov/vuln/detail/CVE-2016-7514","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007514","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7513","https://nvd.nist.gov/vuln/detail/CVE-2016-7513","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000007513","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7506","https://nvd.nist.gov/vuln/detail/CVE-2016-7506","mujs","7.5","1.3.3","","","","2016A0000007506","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7504","https://nvd.nist.gov/vuln/detail/CVE-2016-7504","mujs","9.8","1.3.3","","","","2016A0000007504","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7153","https://nvd.nist.gov/vuln/detail/CVE-2016-7153","firefox","5.3","117.0.1","118.0b9","118.0.1","firefox","2016A0000007153","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7152","https://nvd.nist.gov/vuln/detail/CVE-2016-7152","firefox","5.3","117.0.1","118.0b9","118.0.1","firefox","2016A0000007152","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7153","https://nvd.nist.gov/vuln/detail/CVE-2016-7153","firefox","5.3","118.0","118.0b9","118.0.1","firefox","2016A0000007153","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-7152","https://nvd.nist.gov/vuln/detail/CVE-2016-7152","firefox","5.3","118.0","118.0b9","118.0.1","firefox","2016A0000007152","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-6131","https://nvd.nist.gov/vuln/detail/CVE-2016-6131","libiberty","7.5","12.2.0","","","","2016A0000006131","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-5118","https://nvd.nist.gov/vuln/detail/CVE-2016-5118","imagemagick","9.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2016A0000005118","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-4493","https://nvd.nist.gov/vuln/detail/CVE-2016-4493","libiberty","5.5","12.2.0","","","","2016A0000004493","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-4492","https://nvd.nist.gov/vuln/detail/CVE-2016-4492","libiberty","4.4","12.2.0","","","","2016A0000004492","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-4491","https://nvd.nist.gov/vuln/detail/CVE-2016-4491","libiberty","5.5","12.2.0","","","","2016A0000004491","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" 
@@ -306,64 +300,64 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-2781","https://nvd.nist.gov/vuln/detail/CVE-2016-2781","coreutils","6.5","9.1","","","","2016A0000002781","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2016-2226","https://nvd.nist.gov/vuln/detail/CVE-2016-2226","libiberty","7.8","12.2.0","","","","2016A0000002226","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2015-7313","https://nvd.nist.gov/vuln/detail/CVE-2015-7313","libtiff","5.5","4.5.1","","","","2015A0000007313","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9852","https://nvd.nist.gov/vuln/detail/CVE-2014-9852","imagemagick","9.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009852","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9848","https://nvd.nist.gov/vuln/detail/CVE-2014-9848","imagemagick","7.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009848","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9831","https://nvd.nist.gov/vuln/detail/CVE-2014-9831","imagemagick","8.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009831","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9830","https://nvd.nist.gov/vuln/detail/CVE-2014-9830","imagemagick","8.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009830","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9829","https://nvd.nist.gov/vuln/detail/CVE-2014-9829","imagemagick","6.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009829","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9828","https://nvd.nist.gov/vuln/detail/CVE-2014-9828","imagemagick","8.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009828","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9827","https://nvd.nist.gov/vuln/detail/CVE-2014-9827","imagemagick","8.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9826","https://nvd.nist.gov/vuln/detail/CVE-2014-9826","imagemagick","9.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009826","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9825","https://nvd.nist.gov/vuln/detail/CVE-2014-9825","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009825","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9824","https://nvd.nist.gov/vuln/detail/CVE-2014-9824","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009824","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9823","https://nvd.nist.gov/vuln/detail/CVE-2014-9823","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009823","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9822","https://nvd.nist.gov/vuln/detail/CVE-2014-9822","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009822","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9821","https://nvd.nist.gov/vuln/detail/CVE-2014-9821","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009821","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9820","https://nvd.nist.gov/vuln/detail/CVE-2014-9820","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009820","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9819","https://nvd.nist.gov/vuln/detail/CVE-2014-9819","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009819","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9818","https://nvd.nist.gov/vuln/detail/CVE-2014-9818","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009818","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9817","https://nvd.nist.gov/vuln/detail/CVE-2014-9817","imagemagick","7.8","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009817","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9816","https://nvd.nist.gov/vuln/detail/CVE-2014-9816","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009816","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9815","https://nvd.nist.gov/vuln/detail/CVE-2014-9815","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009815","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9814","https://nvd.nist.gov/vuln/detail/CVE-2014-9814","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009814","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9813","https://nvd.nist.gov/vuln/detail/CVE-2014-9813","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009813","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9812","https://nvd.nist.gov/vuln/detail/CVE-2014-9812","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009812","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9811","https://nvd.nist.gov/vuln/detail/CVE-2014-9811","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009811","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9810","https://nvd.nist.gov/vuln/detail/CVE-2014-9810","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009810","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9809","https://nvd.nist.gov/vuln/detail/CVE-2014-9809","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009809","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9808","https://nvd.nist.gov/vuln/detail/CVE-2014-9808","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009808","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9807","https://nvd.nist.gov/vuln/detail/CVE-2014-9807","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009807","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-9157","https://nvd.nist.gov/vuln/detail/CVE-2014-9157","graphviz","","7.1.0","","","","2014A0000009157","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-6492","https://nvd.nist.gov/vuln/detail/CVE-2014-6492","firefox","","117.0.1","118.0b9","118.0.1","firefox","2014A0000006492","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-6492","https://nvd.nist.gov/vuln/detail/CVE-2014-6492","firefox","","118.0","118.0b9","118.0.1","firefox","2014A0000006492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-4860","https://nvd.nist.gov/vuln/detail/CVE-2014-4860","edk2","6.8","202211","","","","2014A0000004860","True","NVD data issue: CPE entry does not correctly 
state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202211","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-4930","https://nvd.nist.gov/vuln/detail/CVE-2012-4930","firefox","","117.0.1","118.0b9","118.0.1","firefox","2012A0000004930","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-4929","https://nvd.nist.gov/vuln/detail/CVE-2012-4929","firefox","","117.0.1","118.0b9","118.0.1","firefox","2012A0000004929","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-4930","https://nvd.nist.gov/vuln/detail/CVE-2012-4930","firefox","","118.0","118.0b9","118.0.1","firefox","2012A0000004930","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-4929","https://nvd.nist.gov/vuln/detail/CVE-2012-4929","firefox","","118.0","118.0b9","118.0.1","firefox","2012A0000004929","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","12.2.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2011-3389","https://nvd.nist.gov/vuln/detail/CVE-2011-3389","firefox","","117.0.1","118.0b9","118.0.1","firefox","2011A0000003389","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2011-0064","https://nvd.nist.gov/vuln/detail/CVE-2011-0064","firefox","","117.0.1","118.0b9","118.0.1","firefox","2011A0000000064","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2011-3389","https://nvd.nist.gov/vuln/detail/CVE-2011-3389","firefox","","118.0","118.0b9","118.0.1","firefox","2011A0000003389","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2011-0064","https://nvd.nist.gov/vuln/detail/CVE-2011-0064","firefox","","118.0","118.0b9","118.0.1","firefox","2011A0000000064","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4630","https://nvd.nist.gov/vuln/detail/CVE-2009-4630","firefox","","117.0.1","118.0b9","118.0.1","firefox","2009A0000004630","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4130","https://nvd.nist.gov/vuln/detail/CVE-2009-4130","firefox","","117.0.1","118.0b9","118.0.1","firefox","2009A0000004130","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4129","https://nvd.nist.gov/vuln/detail/CVE-2009-4129","firefox","","117.0.1","118.0b9","118.0.1","firefox","2009A0000004129","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4102","https://nvd.nist.gov/vuln/detail/CVE-2009-4102","firefox","","117.0.1","118.0b9","118.0.1","firefox","2009A0000004102","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-1597","https://nvd.nist.gov/vuln/detail/CVE-2009-1597","firefox","","117.0.1","118.0b9","118.0.1","firefox","2009A0000001597","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-6715","https://nvd.nist.gov/vuln/detail/CVE-2007-6715","firefox","","117.0.1","118.0b9","118.0.1","firefox","2007A0000006715","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-5967","https://nvd.nist.gov/vuln/detail/CVE-2007-5967","firefox","6.5","117.0.1","118.0b9","118.0.1","firefox","2007A0000005967","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-4013","https://nvd.nist.gov/vuln/detail/CVE-2007-4013","firefox","","117.0.1","118.0b9","118.0.1","firefox","2007A0000004013","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-3827","https://nvd.nist.gov/vuln/detail/CVE-2007-3827","firefox","","117.0.1","118.0b9","118.0.1","firefox","2007A0000003827","False","","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-3670","https://nvd.nist.gov/vuln/detail/CVE-2007-3670","firefox","","117.0.1","118.0b9","118.0.1","firefox","2007A0000003670","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-2176","https://nvd.nist.gov/vuln/detail/CVE-2007-2176","firefox","","117.0.1","118.0b9","118.0.1","firefox","2007A0000002176","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-1970","https://nvd.nist.gov/vuln/detail/CVE-2007-1970","firefox","","117.0.1","118.0b9","118.0.1","firefox","2007A0000001970","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-1667","https://nvd.nist.gov/vuln/detail/CVE-2007-1667","imagemagick","","7.1.1-15","7.1.1-18","7.1.1.18","imagemagick","2007A0000001667","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","117.0.1","118.0b9","118.0.1","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","117.0.1","118.0b9","118.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4630","https://nvd.nist.gov/vuln/detail/CVE-2009-4630","firefox","","118.0","118.0b9","118.0.1","firefox","2009A0000004630","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4130","https://nvd.nist.gov/vuln/detail/CVE-2009-4130","firefox","","118.0","118.0b9","118.0.1","firefox","2009A0000004130","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4129","https://nvd.nist.gov/vuln/detail/CVE-2009-4129","firefox","","118.0","118.0b9","118.0.1","firefox","2009A0000004129","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-4102","https://nvd.nist.gov/vuln/detail/CVE-2009-4102","firefox","","118.0","118.0b9","118.0.1","firefox","2009A0000004102","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2009-1597","https://nvd.nist.gov/vuln/detail/CVE-2009-1597","firefox","","118.0","118.0b9","118.0.1","firefox","2009A0000001597","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-6715","https://nvd.nist.gov/vuln/detail/CVE-2007-6715","firefox","","118.0","118.0b9","118.0.1","firefox","2007A0000006715","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-5967","https://nvd.nist.gov/vuln/detail/CVE-2007-5967","firefox","6.5","118.0","118.0b9","118.0.1","firefox","2007A0000005967","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-4013","https://nvd.nist.gov/vuln/detail/CVE-2007-4013","firefox","","118.0","118.0b9","118.0.1","firefox","2007A0000004013","False","","err_not_vulnerable_based_on_repology","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-3827","https://nvd.nist.gov/vuln/detail/CVE-2007-3827","firefox","","118.0","118.0b9","118.0.1","firefox","2007A0000003827","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-3670","https://nvd.nist.gov/vuln/detail/CVE-2007-3670","firefox","","118.0","118.0b9","118.0.1","firefox","2007A0000003670","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-2176","https://nvd.nist.gov/vuln/detail/CVE-2007-2176","firefox","","118.0","118.0b9","118.0.1","firefox","2007A0000002176","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-1970","https://nvd.nist.gov/vuln/detail/CVE-2007-1970","firefox","","118.0","118.0b9","118.0.1","firefox","2007A0000001970","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-1667","https://nvd.nist.gov/vuln/detail/CVE-2007-1667","imagemagick","","7.1.1-18","7.1.1-18","7.1.1.18","imagemagick","2007A0000001667","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","118.0","118.0b9","118.0.1","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","118.0","118.0b9","118.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.2","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-wrrj-h57r-vx9p","https://osv.dev/GHSA-wrrj-h57r-vx9p","cargo","","1.69.0","","","","2023A1692835200","True","Duplicate to CVE-2023-40030.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" 
@@ -425,14 +419,14 @@ https://github.com/NixOS/nixpkgs/pull/232535" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004781","False","Backport nixpkgs PR 
https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","2.37-8","2.38","glibc","2023A0000004527","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.8","2.4.6","2.4.6","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/256378 https://github.com/NixOS/nixpkgs/pull/257637" 
@@ -445,9 +439,9 @@ https://github.com/NixOS/nixpkgs/pull/256150" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-3180","https://nvd.nist.gov/vuln/detail/CVE-2023-3180","qemu","6.5","8.0.5","8.1.1","8.1.1","qemu","2023A0000003180","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.1","8.1.1","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.1","8.1.1","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.1","8.1.1","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.44","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
@@ -505,9 +499,9 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-2880","https://nvd.nist.gov/vuln/detail/CVE-2022-2880","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002880","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-2879","https://nvd.nist.gov/vuln/detail/CVE-2022-2879","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000002879","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-1193","https://osv.dev/OSV-2022-1193","libarchive","","3.6.2","","","","2022A0000001193","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53594#c3.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.66","5.69","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-908","https://osv.dev/OSV-2022-908","bluez","","5.66","5.66","5.70","bluez","2022A0000000908","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-896","https://osv.dev/OSV-2022-896","libsass","","3.6.5","3.6.5","3.6.5","libsass","2022A0000000896","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.66","5.69","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-859","https://osv.dev/OSV-2022-859","bluez","","5.66","5.66","5.70","bluez","2022A0000000859","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-0856","https://nvd.nist.gov/vuln/detail/CVE-2022-0856","libcaca","6.5","0.99.beta20","","","","2022A0000000856","True","Crash in CLI tool, no security impact.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-842","https://osv.dev/OSV-2022-842","wolfssl","","5.5.4","5.6.3","5.6.3","wolfssl","2022A0000000842","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2022-819","https://osv.dev/OSV-2022-819","libraw","","0.21.1","0.21.1","0.21.1","libraw","2022A0000000819","False","","err_not_vulnerable_based_on_repology","" 
@@ -744,25 +738,21 @@ https://github.com/NixOS/nixpkgs/pull/256930" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004781","False","Backport nixpkgs PR 
https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","2.37-8","2.38","glibc","2023A0000004527","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/256887" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4236","https://nvd.nist.gov/vuln/detail/CVE-2023-4236","bind","7.5","9.18.16","9.18.19","9.18.19","bind","2023A0000004236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256396 -https://github.com/NixOS/nixpkgs/pull/256469" 
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","4.6.4","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","5.5","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3341","https://nvd.nist.gov/vuln/detail/CVE-2023-3341","bind","7.5","9.18.16","9.18.19","9.18.19","bind","2023A0000003341","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256396 -https://github.com/NixOS/nixpkgs/pull/256469" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" 
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.44","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" 
@@ -796,7 +786,7 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-14860","https://nvd.nist.gov/vuln/detail/CVE-2019-14860","fuse","6.5","2.9.9-closefrom-glibc-2-34.patch?id=8a970396fca7aca2d5a761b8e7a8242f1eef14c9","","","","2019A0000014860","True","Incorrect package: Issue concerns redhat fuse (https://developers.redhat.com/products/fuse/overview) not libfuse https://github.com/libfuse/libfuse/ which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-14860","https://nvd.nist.gov/vuln/detail/CVE-2019-14860","fuse","6.5","2.9.9","","","","2019A0000014860","True","Incorrect package: Issue concerns redhat fuse (https://developers.redhat.com/products/fuse/overview) not libfuse https://github.com/libfuse/libfuse/ which is what 'fuse' package in nixpkgs refers. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-12749","https://nvd.nist.gov/vuln/detail/CVE-2019-12749","dbus","7.1","1","","","","2019A0000012749","True","Fixed with https://github.com/NixOS/nixpkgs/pull/63021 (dbus version '1' in nixpkgs currently refers 1.14.8).","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-6470","https://nvd.nist.gov/vuln/detail/CVE-2019-6470","bind","7.5","9.18.16","","","","2019A0000006470","True","Not valid: https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606.","err_missing_repology_version","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-6470","https://nvd.nist.gov/vuln/detail/CVE-2019-6470","bind","7.5","9.18.19","","","","2019A0000006470","True","Not valid: https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2019-6293","https://nvd.nist.gov/vuln/detail/CVE-2019-6293","flex","5.5","2.6.4","","","","2019A0000006293","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-1000182","https://nvd.nist.gov/vuln/detail/CVE-2018-1000182","git","6.4","2.40.1","","","","2018A0001000182","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2018-1000110","https://nvd.nist.gov/vuln/detail/CVE-2018-1000110","git","5.3","2.40.1","","","","2018A0001000110","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" 
@@ -824,21 +814,21 @@ https://github.com/NixOS/nixpkgs/pull/256930" https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004781","False","Backport nixpkgs 
PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","2.37-8","2.38","glibc","2023A0000004527","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/256887" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","4.6.4","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" 
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","5.5","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1943","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.1950","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.44","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index c659d8d..92f8336 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/611be21d1f87ed876df554ab852565a421911fd0. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.riscv64-linux.microchip-icicle-kit-release` revision https://github.com/tiiuae/ghaf/commit/f3ef261cda251706cbed1655c03f36217e65a071. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. 
@@ -27,12 +27,7 @@ Following table lists vulnerabilities that have been fixed in the nixpkgs channe Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/flake.lock) file to mitigate the following issues: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-----------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| -| [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | -| [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.16 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | - +```No vulnerabilities``` ## Vulnerabilities Fixed in nix-unstable 
@@ -66,19 +61,17 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base |-------------------------------------------------------------------|------------|------------|------------------|------------------|------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.0.10 | 3.1.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | | [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.3.0 | 8.3.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | 2.37-8 | 2.38 | | -| [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | -| [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.16 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.37-8 | 2.37-8 | 2.38 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | | 
[CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.1 | 5.2.1 | | 
@@ -86,8 +79,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.42.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.6.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 4.6.4 | 13.2.0 | | 
@@ -165,7 +158,6 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.6943 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | | [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202211 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 7.5 | 9.18.19 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). | -| [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 7.5 | 9.18.16 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). | | [CVE-2016-10132](https://nvd.nist.gov/vuln/detail/CVE-2016-10132) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-9294](https://nvd.nist.gov/vuln/detail/CVE-2016-9294) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-9136](https://nvd.nist.gov/vuln/detail/CVE-2016-9136) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | 
@@ -196,7 +188,6 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2019-14860](https://nvd.nist.gov/vuln/detail/CVE-2019-14860) | fuse | 6.5 | 2.9.9 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. | | [CVE-2019-14587](https://nvd.nist.gov/vuln/detail/CVE-2019-14587) | edk2 | 6.5 | 202211 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-12067](https://nvd.nist.gov/vuln/detail/CVE-2019-12067) | qemu | 6.5 | 8.0.5 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2019-12067](https://nvd.nist.gov/vuln/detail/CVE-2019-12067) | qemu | 6.5 | 8.0.4 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-6462](https://nvd.nist.gov/vuln/detail/CVE-2019-6462) | cairo | 6.5 | 1.16.0 | Not a valid: [link](https://github.com/NixOS/nixpkgs/pull/218039#issuecomment-1445460129). | | [CVE-2019-6461](https://nvd.nist.gov/vuln/detail/CVE-2019-6461) | cairo | 6.5 | 1.16.0 | Not valid: [link](https://github.com/NixOS/nixpkgs/pull/218039#issuecomment-1445460129). | | [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) | coreutils | 6.5 | 9.1 | NVD data issue: CPE entry does not correctly state the version numbers. | 
@@ -226,14 +217,12 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | | [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. | | [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.0.5 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | -| [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.0.4 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. | | [CVE-2019-20633](https://nvd.nist.gov/vuln/detail/CVE-2019-20633) | patch | 5.5 | 2.7.6 | Upstream patch is not merged: [link](https://savannah.gnu.org/bugs/index.php?56683). Not sure why this isn't fixed upstream. 
No point fixing this in nixpkgs as long as it is not fixed upstream. | | [CVE-2019-14562](https://nvd.nist.gov/vuln/detail/CVE-2019-14562) | edk2 | 5.5 | 202211 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-6293](https://nvd.nist.gov/vuln/detail/CVE-2019-6293) | flex | 5.5 | 2.6.4 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2018-18438](https://nvd.nist.gov/vuln/detail/CVE-2018-18438) | qemu | 5.5 | 8.0.5 | NVD data issue: CPE entry does not correctly state the version numbers. | -| [CVE-2018-18438](https://nvd.nist.gov/vuln/detail/CVE-2018-18438) | qemu | 5.5 | 8.0.4 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-4493](https://nvd.nist.gov/vuln/detail/CVE-2016-4493) | libiberty | 5.5 | 12.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-4491](https://nvd.nist.gov/vuln/detail/CVE-2016-4491) | libiberty | 5.5 | 12.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-4490](https://nvd.nist.gov/vuln/detail/CVE-2016-4490) | libiberty | 5.5 | 12.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. | 
@@ -265,7 +254,6 @@ Following table lists vulnerabilities that would otherwise have been included to | [OSV-2022-183](https://osv.dev/OSV-2022-183) | binutils | | 2.40 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44864#c2). | | [GHSA-mc7w-4cjf-c973](https://osv.dev/GHSA-mc7w-4cjf-c973) | opencv | | 4.7.0 | Incorrect package: Issue refers node-opencv, whereas, nixpkgs refers opencv [link](https://github.com/opencv/opencv). | | [OSV-2021-820](https://osv.dev/OSV-2021-820) | qemu | | 8.0.5 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2). | -| [OSV-2021-820](https://osv.dev/OSV-2021-820) | qemu | | 8.0.4 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2). | | [OSV-2021-777](https://osv.dev/OSV-2021-777) | libxml2 | | 2.10.4 | Fixed by [link](https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325), which went to 2.9.13. Therefore, this issue is fixed in 2.10.4. | | [GHSA-f698-m2v9-5fh3](https://osv.dev/GHSA-f698-m2v9-5fh3) | opencv | | 4.7.0 | Incorrect package: issue refers node-opencv [link](https://www.npmjs.com/package/opencv), whereas nixpkgs refers [link](https://github.com/opencv/opencv). | | [CVE-2014-9157](https://nvd.nist.gov/vuln/detail/CVE-2014-9157) | graphviz | | 7.1.0 | NVD data issue: CPE entry does not correctly state the version numbers. | diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index 5e5137f..1753a7d 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md 
@@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/611be21d1f87ed876df554ab852565a421911fd0. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.generic-x86_64-release` revision https://github.com/tiiuae/ghaf/commit/f3ef261cda251706cbed1655c03f36217e65a071. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. 
@@ -27,13 +27,7 @@ Following table lists vulnerabilities that have been fixed in the nixpkgs channe Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/flake.lock) file to mitigate the following issues: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| -| [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | -| [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.16 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | -| [CVE-2023-40360](https://nvd.nist.gov/vuln/detail/CVE-2023-40360) | qemu | 5.5 | 8.0.4 | 8.1.1 | 8.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/251154), [PR](https://github.com/NixOS/nixpkgs/pull/256632)]* | - +```No vulnerabilities``` ## Vulnerabilities Fixed in nix-unstable 
@@ -66,138 +60,135 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | vuln_id | package | severity | version_local | nix_unstable | upstream | comment | |-------------------------------------------------------------------|-------------|------------|------------------|------------------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [CVE-2022-32221](https://nvd.nist.gov/vuln/detail/CVE-2022-32221) | curl | 9.8 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | -| [CVE-2017-5511](https://nvd.nist.gov/vuln/detail/CVE-2017-5511) | imagemagick | 9.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-10145](https://nvd.nist.gov/vuln/detail/CVE-2016-10145) | imagemagick | 9.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-10144](https://nvd.nist.gov/vuln/detail/CVE-2016-10144) | imagemagick | 9.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | 
imagemagick | 8.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9827](https://nvd.nist.gov/vuln/detail/CVE-2014-9827) | imagemagick | 8.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.0.4 | 8.1.1 | 8.1.1 | | -| [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 117.0.1 | 118.0b9 | 118.0.1 | | +| [CVE-2017-5511](https://nvd.nist.gov/vuln/detail/CVE-2017-5511) | imagemagick | 9.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-10145](https://nvd.nist.gov/vuln/detail/CVE-2016-10145) | imagemagick | 9.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-10144](https://nvd.nist.gov/vuln/detail/CVE-2016-10144) | imagemagick | 9.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9852](https://nvd.nist.gov/vuln/detail/CVE-2014-9852) | imagemagick | 9.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9826](https://nvd.nist.gov/vuln/detail/CVE-2014-9826) | imagemagick | 9.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9831](https://nvd.nist.gov/vuln/detail/CVE-2014-9831) | imagemagick | 8.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9830](https://nvd.nist.gov/vuln/detail/CVE-2014-9830) | imagemagick | 8.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9828](https://nvd.nist.gov/vuln/detail/CVE-2014-9828) | imagemagick | 8.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9827](https://nvd.nist.gov/vuln/detail/CVE-2014-9827) | imagemagick | 8.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.0.5 | 8.1.1 | 8.1.1 | | +| [CVE-2022-4066](https://nvd.nist.gov/vuln/detail/CVE-2022-4066) | firefox | 8.2 | 118.0 | 118.0b9 | 118.0.1 | | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.0 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.0.10 | 3.1.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.8 | 2.4.6 | 2.4.6 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.4 | 8.1.1 | 8.1.1 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.5 | 8.1.1 | 8.1.1 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). 
| | [CVE-2019-5443](https://nvd.nist.gov/vuln/detail/CVE-2019-5443) | curl | 7.8 | 0.4.44 | | | | -| [CVE-2017-5510](https://nvd.nist.gov/vuln/detail/CVE-2017-5510) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2017-5509](https://nvd.nist.gov/vuln/detail/CVE-2017-5509) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2017-5506](https://nvd.nist.gov/vuln/detail/CVE-2017-5506) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9825](https://nvd.nist.gov/vuln/detail/CVE-2014-9825) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9824](https://nvd.nist.gov/vuln/detail/CVE-2014-9824) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9823](https://nvd.nist.gov/vuln/detail/CVE-2014-9823) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9822](https://nvd.nist.gov/vuln/detail/CVE-2014-9822) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9821](https://nvd.nist.gov/vuln/detail/CVE-2014-9821) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9820](https://nvd.nist.gov/vuln/detail/CVE-2014-9820) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9819](https://nvd.nist.gov/vuln/detail/CVE-2014-9819) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2017-5510](https://nvd.nist.gov/vuln/detail/CVE-2017-5510) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2017-5509](https://nvd.nist.gov/vuln/detail/CVE-2017-5509) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2017-5506](https://nvd.nist.gov/vuln/detail/CVE-2017-5506) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9825](https://nvd.nist.gov/vuln/detail/CVE-2014-9825) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| 
[CVE-2014-9824](https://nvd.nist.gov/vuln/detail/CVE-2014-9824) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9823](https://nvd.nist.gov/vuln/detail/CVE-2014-9823) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9822](https://nvd.nist.gov/vuln/detail/CVE-2014-9822) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9821](https://nvd.nist.gov/vuln/detail/CVE-2014-9821) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9820](https://nvd.nist.gov/vuln/detail/CVE-2014-9820) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9819](https://nvd.nist.gov/vuln/detail/CVE-2014-9819) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9817](https://nvd.nist.gov/vuln/detail/CVE-2014-9817) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | | [CVE-2023-39533](https://nvd.nist.gov/vuln/detail/CVE-2023-39533) | go | 7.5 | 1.17.13-linux-am | 1.21.1 | 1.21.1 | It's unclear if the vulnerable go pacakge 'go-libp2p' is actually used by anything Ghaf depends-on. The issue is included here, since NVD CPE refers go compiler 'golang:go' up to version 1.20.6. As soon as the nixpkgs PR that updates to go 1.20.7 ([link](https://github.com/NixOS/nixpkgs/pull/246663)) is in Ghaf, this issue should no longer be included in the reports. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/253738)]* | | [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.3.0 | 8.3.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963)]* | | [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | 2.37-8 | 2.38 | | -| [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | -| [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.4 | 8.1.1 | 8.1.1 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659)]* | -| [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.16 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | +| [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.5 | 8.1.1 | 8.1.1 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/248659)]* | | [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | | | [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782) | curl | 7.5 | 0.4.44 | | | | | [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781) | curl | 7.5 | 0.4.44 | | | | -| [CVE-2016-10146](https://nvd.nist.gov/vuln/detail/CVE-2016-10146) | imagemagick | 7.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9854](https://nvd.nist.gov/vuln/detail/CVE-2014-9854) | imagemagick | 7.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9848](https://nvd.nist.gov/vuln/detail/CVE-2014-9848) | imagemagick | 7.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9804](https://nvd.nist.gov/vuln/detail/CVE-2014-9804) | imagemagick | 7.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-10146](https://nvd.nist.gov/vuln/detail/CVE-2016-10146) | imagemagick | 7.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9854](https://nvd.nist.gov/vuln/detail/CVE-2014-9854) | imagemagick | 7.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9848](https://nvd.nist.gov/vuln/detail/CVE-2014-9848) | imagemagick | 7.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9804](https://nvd.nist.gov/vuln/detail/CVE-2014-9804) | imagemagick | 7.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.10.1 | 2.10.1 | | | [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.42.2 | 0.42.2 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". 
| | [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.37-8 | 2.37-8 | 2.38 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | -| [CVE-2023-4135](https://nvd.nist.gov/vuln/detail/CVE-2023-4135) | qemu | 6.5 | 8.0.4 | 8.1.1 | 8.1.1 | Fixed upstream in 8.1.0. | -| [CVE-2023-3180](https://nvd.nist.gov/vuln/detail/CVE-2023-3180) | qemu | 6.5 | 8.0.4 | 8.1.1 | 8.1.1 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659)]* | -| [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.0.4 | 8.1.1 | 8.1.1 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). | +| [CVE-2023-4135](https://nvd.nist.gov/vuln/detail/CVE-2023-4135) | qemu | 6.5 | 8.0.5 | 8.1.1 | 8.1.1 | Fixed upstream in 8.1.0. | +| [CVE-2023-3180](https://nvd.nist.gov/vuln/detail/CVE-2023-3180) | qemu | 6.5 | 8.0.5 | 8.1.1 | 8.1.1 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659)]* | +| [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.0.5 | 8.1.1 | 8.1.1 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). 
| | [CVE-2022-32206](https://nvd.nist.gov/vuln/detail/CVE-2022-32206) | curl | 6.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/179314), [PR](https://github.com/NixOS/nixpkgs/pull/180021)]* | | [CVE-2022-27776](https://nvd.nist.gov/vuln/detail/CVE-2022-27776) | curl | 6.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/170654), [PR](https://github.com/NixOS/nixpkgs/pull/170659)]* | | [CVE-2021-46312](https://nvd.nist.gov/vuln/detail/CVE-2021-46312) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | | [CVE-2021-46310](https://nvd.nist.gov/vuln/detail/CVE-2021-46310) | djvulibre | 6.5 | 3.5.28 | 3.5.28 | 3.5.28 | | | [CVE-2020-22628](https://nvd.nist.gov/vuln/detail/CVE-2020-22628) | libraw | 6.5 | 0.21.1 | 0.21.1 | 0.21.1 | | -| [CVE-2016-7538](https://nvd.nist.gov/vuln/detail/CVE-2016-7538) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7537](https://nvd.nist.gov/vuln/detail/CVE-2016-7537) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7536](https://nvd.nist.gov/vuln/detail/CVE-2016-7536) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7535](https://nvd.nist.gov/vuln/detail/CVE-2016-7535) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7534](https://nvd.nist.gov/vuln/detail/CVE-2016-7534) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7533](https://nvd.nist.gov/vuln/detail/CVE-2016-7533) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7532](https://nvd.nist.gov/vuln/detail/CVE-2016-7532) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7531](https://nvd.nist.gov/vuln/detail/CVE-2016-7531) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7530](https://nvd.nist.gov/vuln/detail/CVE-2016-7530) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7529](https://nvd.nist.gov/vuln/detail/CVE-2016-7529) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | 
-| [CVE-2016-7528](https://nvd.nist.gov/vuln/detail/CVE-2016-7528) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7527](https://nvd.nist.gov/vuln/detail/CVE-2016-7527) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7526](https://nvd.nist.gov/vuln/detail/CVE-2016-7526) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7525](https://nvd.nist.gov/vuln/detail/CVE-2016-7525) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7524](https://nvd.nist.gov/vuln/detail/CVE-2016-7524) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7523](https://nvd.nist.gov/vuln/detail/CVE-2016-7523) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7522](https://nvd.nist.gov/vuln/detail/CVE-2016-7522) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7521](https://nvd.nist.gov/vuln/detail/CVE-2016-7521) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7520](https://nvd.nist.gov/vuln/detail/CVE-2016-7520) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7519](https://nvd.nist.gov/vuln/detail/CVE-2016-7519) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7518](https://nvd.nist.gov/vuln/detail/CVE-2016-7518) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7517](https://nvd.nist.gov/vuln/detail/CVE-2016-7517) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7516](https://nvd.nist.gov/vuln/detail/CVE-2016-7516) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7515](https://nvd.nist.gov/vuln/detail/CVE-2016-7515) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7514](https://nvd.nist.gov/vuln/detail/CVE-2016-7514) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2016-7513](https://nvd.nist.gov/vuln/detail/CVE-2016-7513) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| 
[CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2007-5967](https://nvd.nist.gov/vuln/detail/CVE-2007-5967) | firefox | 6.5 | 117.0.1 | 118.0b9 | 118.0.1 | | +| [CVE-2016-7538](https://nvd.nist.gov/vuln/detail/CVE-2016-7538) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7537](https://nvd.nist.gov/vuln/detail/CVE-2016-7537) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7536](https://nvd.nist.gov/vuln/detail/CVE-2016-7536) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7535](https://nvd.nist.gov/vuln/detail/CVE-2016-7535) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7534](https://nvd.nist.gov/vuln/detail/CVE-2016-7534) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7533](https://nvd.nist.gov/vuln/detail/CVE-2016-7533) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7532](https://nvd.nist.gov/vuln/detail/CVE-2016-7532) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7531](https://nvd.nist.gov/vuln/detail/CVE-2016-7531) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7530](https://nvd.nist.gov/vuln/detail/CVE-2016-7530) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7529](https://nvd.nist.gov/vuln/detail/CVE-2016-7529) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7528](https://nvd.nist.gov/vuln/detail/CVE-2016-7528) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7527](https://nvd.nist.gov/vuln/detail/CVE-2016-7527) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7526](https://nvd.nist.gov/vuln/detail/CVE-2016-7526) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| 
[CVE-2016-7525](https://nvd.nist.gov/vuln/detail/CVE-2016-7525) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7524](https://nvd.nist.gov/vuln/detail/CVE-2016-7524) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7523](https://nvd.nist.gov/vuln/detail/CVE-2016-7523) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7522](https://nvd.nist.gov/vuln/detail/CVE-2016-7522) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7521](https://nvd.nist.gov/vuln/detail/CVE-2016-7521) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7520](https://nvd.nist.gov/vuln/detail/CVE-2016-7520) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7519](https://nvd.nist.gov/vuln/detail/CVE-2016-7519) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7518](https://nvd.nist.gov/vuln/detail/CVE-2016-7518) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7517](https://nvd.nist.gov/vuln/detail/CVE-2016-7517) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7516](https://nvd.nist.gov/vuln/detail/CVE-2016-7516) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7515](https://nvd.nist.gov/vuln/detail/CVE-2016-7515) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7514](https://nvd.nist.gov/vuln/detail/CVE-2016-7514) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-7513](https://nvd.nist.gov/vuln/detail/CVE-2016-7513) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9907](https://nvd.nist.gov/vuln/detail/CVE-2014-9907) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9829](https://nvd.nist.gov/vuln/detail/CVE-2014-9829) | imagemagick | 6.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2007-5967](https://nvd.nist.gov/vuln/detail/CVE-2007-5967) | firefox | 6.5 | 118.0 | 118.0b9 | 118.0.1 | | | 
[CVE-2023-39319](https://nvd.nist.gov/vuln/detail/CVE-2023-39319) | go | 6.1 | 1.17.13-linux-am | 1.21.1 | 1.21.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/253738)]* | | [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.1 | 1.21.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/253738)]* | | [CVE-2020-35669](https://nvd.nist.gov/vuln/detail/CVE-2020-35669) | http | 6.1 | 0.2.9 | 0.3-0 | 0.4 | | | [CVE-2023-28321](https://nvd.nist.gov/vuln/detail/CVE-2023-28321) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | -| [CVE-2023-40360](https://nvd.nist.gov/vuln/detail/CVE-2023-40360) | qemu | 5.5 | 8.0.4 | 8.1.1 | 8.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/251154), [PR](https://github.com/NixOS/nixpkgs/pull/256632)]* | | [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.1 | 5.2.1 | | | [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.10.1 | 2.10.1 | | | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: 
[link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1943 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.1950 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | -| [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9816](https://nvd.nist.gov/vuln/detail/CVE-2014-9816) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9815](https://nvd.nist.gov/vuln/detail/CVE-2014-9815) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9814](https://nvd.nist.gov/vuln/detail/CVE-2014-9814) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9813](https://nvd.nist.gov/vuln/detail/CVE-2014-9813) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9812](https://nvd.nist.gov/vuln/detail/CVE-2014-9812) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9811](https://nvd.nist.gov/vuln/detail/CVE-2014-9811) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9810](https://nvd.nist.gov/vuln/detail/CVE-2014-9810) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9809](https://nvd.nist.gov/vuln/detail/CVE-2014-9809) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9808](https://nvd.nist.gov/vuln/detail/CVE-2014-9808) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9807](https://nvd.nist.gov/vuln/detail/CVE-2014-9807) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9806](https://nvd.nist.gov/vuln/detail/CVE-2014-9806) | imagemagick | 5.5 | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 
7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9818](https://nvd.nist.gov/vuln/detail/CVE-2014-9818) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9816](https://nvd.nist.gov/vuln/detail/CVE-2014-9816) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9815](https://nvd.nist.gov/vuln/detail/CVE-2014-9815) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9814](https://nvd.nist.gov/vuln/detail/CVE-2014-9814) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9813](https://nvd.nist.gov/vuln/detail/CVE-2014-9813) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9812](https://nvd.nist.gov/vuln/detail/CVE-2014-9812) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9811](https://nvd.nist.gov/vuln/detail/CVE-2014-9811) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9810](https://nvd.nist.gov/vuln/detail/CVE-2014-9810) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9809](https://nvd.nist.gov/vuln/detail/CVE-2014-9809) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9808](https://nvd.nist.gov/vuln/detail/CVE-2014-9808) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9807](https://nvd.nist.gov/vuln/detail/CVE-2014-9807) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9806](https://nvd.nist.gov/vuln/detail/CVE-2014-9806) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 
2.42.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 117.0.1 | 118.0b9 | 118.0.1 | | +| [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 118.0 | 118.0b9 | 118.0.1 | | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.6.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | | [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.1 | 1.21.1 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/253738)]* | -| [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 117.0.1 | 118.0b9 | 118.0.1 | | +| [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 118.0 | 118.0b9 | 118.0.1 | | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 4.6.4 | 13.2.0 | | -| [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 117.0.1 | 118.0b9 | 118.0.1 | | +| [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 118.0 | 118.0b9 | 118.0.1 | | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), 
[PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* | 
@@ -205,19 +196,19 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.2.0 | 1.2.2 | 1.2.2 | | | [OSV-2023-505](https://osv.dev/OSV-2023-505) | file | | 5.44 | 5.45 | 5.45 | Unclear if this is still valid. | -| [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.0.4 | 8.1.1 | 8.1.1 | Unclear if this is still valid. | +| [OSV-2023-390](https://osv.dev/OSV-2023-390) | qemu | | 8.0.5 | 8.1.1 | 8.1.1 | Unclear if this is still valid. | | [OSV-2023-184](https://osv.dev/OSV-2023-184) | libraw | | 0.21.1 | 0.21.1 | 0.21.1 | | | [OSV-2023-90](https://osv.dev/OSV-2023-90) | libraw | | 0.21.1 | 0.21.1 | 0.21.1 | | | [OSV-2023-80](https://osv.dev/OSV-2023-80) | libgit2 | | 1.6.4 | 1.7.1 | 1.7.1 | | | [OSV-2023-56](https://osv.dev/OSV-2023-56) | libgit2 | | 1.6.4 | 1.7.1 | 1.7.1 | | -| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.66 | 5.66 | 5.69 | Unclear if this is still valid. | +| [OSV-2022-908](https://osv.dev/OSV-2022-908) | bluez | | 5.66 | 5.66 | 5.70 | Unclear if this is still valid. | | [OSV-2022-896](https://osv.dev/OSV-2022-896) | libsass | | 3.6.5 | 3.6.5 | 3.6.5 | Unclear if this is still valid. | -| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.66 | 5.66 | 5.69 | Unclear if this is still valid. | +| [OSV-2022-859](https://osv.dev/OSV-2022-859) | bluez | | 5.66 | 5.66 | 5.70 | Unclear if this is still valid. | | [OSV-2022-842](https://osv.dev/OSV-2022-842) | wolfssl | | 5.5.4 | 5.6.3 | 5.6.3 | Unclear if this is still valid. | | [OSV-2022-819](https://osv.dev/OSV-2022-819) | libraw | | 0.21.1 | 0.21.1 | 0.21.1 | | | [OSV-2022-725](https://osv.dev/OSV-2022-725) | libjxl | | 0.8.2 | 0.8.2 | 0.8.2 | Unclear if this is still valid. 
| | [OSV-2022-608](https://osv.dev/OSV-2022-608) | libjxl | | 0.8.2 | 0.8.2 | 0.8.2 | Unclear if this is still valid. | -| [OSV-2022-581](https://osv.dev/OSV-2022-581) | qemu | | 8.0.4 | 8.1.1 | 8.1.1 | Unclear if this is still valid. | +| [OSV-2022-581](https://osv.dev/OSV-2022-581) | qemu | | 8.0.5 | 8.1.1 | 8.1.1 | Unclear if this is still valid. | | [OSV-2022-394](https://osv.dev/OSV-2022-394) | opencv | | 4.7.0 | 4.7.0 | 4.8.1 | No attention from upstream: [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47190). | | [OSV-2022-193](https://osv.dev/OSV-2022-193) | w3m | | 0.5.3+git2023012 | 0.5.3+git2023012 | 0.5.3+git2023012 | Unclear if this is still valid. | | [OSV-2021-594](https://osv.dev/OSV-2021-594) | libheif | | 1.15.2 | 1.15.2 | 1.16.2 | | 
@@ -229,25 +220,25 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2020-822](https://osv.dev/OSV-2020-822) | jbig2dec | | 0.19 | 0.19 | 0.20 | | | [OSV-2020-521](https://osv.dev/OSV-2020-521) | aspell | | 0.60.8 | 0.60.8 | 0.60.8 | | | [OSV-2020-438](https://osv.dev/OSV-2020-438) | capstone | | 4.0.2 | 4.0.2 | 5.0.1 | | -| [CVE-2014-6492](https://nvd.nist.gov/vuln/detail/CVE-2014-6492) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2012-4930](https://nvd.nist.gov/vuln/detail/CVE-2012-4930) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2012-4929](https://nvd.nist.gov/vuln/detail/CVE-2012-4929) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2011-3389](https://nvd.nist.gov/vuln/detail/CVE-2011-3389) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2011-0064](https://nvd.nist.gov/vuln/detail/CVE-2011-0064) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2009-4630](https://nvd.nist.gov/vuln/detail/CVE-2009-4630) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2009-4130](https://nvd.nist.gov/vuln/detail/CVE-2009-4130) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2009-4129](https://nvd.nist.gov/vuln/detail/CVE-2009-4129) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2009-4102](https://nvd.nist.gov/vuln/detail/CVE-2009-4102) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2009-1597](https://nvd.nist.gov/vuln/detail/CVE-2009-1597) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2007-6715](https://nvd.nist.gov/vuln/detail/CVE-2007-6715) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2007-4013](https://nvd.nist.gov/vuln/detail/CVE-2007-4013) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2007-3827](https://nvd.nist.gov/vuln/detail/CVE-2007-3827) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2007-3670](https://nvd.nist.gov/vuln/detail/CVE-2007-3670) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| 
[CVE-2007-2176](https://nvd.nist.gov/vuln/detail/CVE-2007-2176) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2007-1970](https://nvd.nist.gov/vuln/detail/CVE-2007-1970) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2007-1667](https://nvd.nist.gov/vuln/detail/CVE-2007-1667) | imagemagick | | 7.1.1-15 | 7.1.1-18 | 7.1.1.18 | | -| [CVE-2007-0896](https://nvd.nist.gov/vuln/detail/CVE-2007-0896) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | -| [CVE-2003-1492](https://nvd.nist.gov/vuln/detail/CVE-2003-1492) | firefox | | 117.0.1 | 118.0b9 | 118.0.1 | | +| [CVE-2014-6492](https://nvd.nist.gov/vuln/detail/CVE-2014-6492) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2012-4930](https://nvd.nist.gov/vuln/detail/CVE-2012-4930) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2012-4929](https://nvd.nist.gov/vuln/detail/CVE-2012-4929) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2011-3389](https://nvd.nist.gov/vuln/detail/CVE-2011-3389) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2011-0064](https://nvd.nist.gov/vuln/detail/CVE-2011-0064) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2009-4630](https://nvd.nist.gov/vuln/detail/CVE-2009-4630) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2009-4130](https://nvd.nist.gov/vuln/detail/CVE-2009-4130) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2009-4129](https://nvd.nist.gov/vuln/detail/CVE-2009-4129) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2009-4102](https://nvd.nist.gov/vuln/detail/CVE-2009-4102) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2009-1597](https://nvd.nist.gov/vuln/detail/CVE-2009-1597) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2007-6715](https://nvd.nist.gov/vuln/detail/CVE-2007-6715) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2007-4013](https://nvd.nist.gov/vuln/detail/CVE-2007-4013) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2007-3827](https://nvd.nist.gov/vuln/detail/CVE-2007-3827) | firefox | | 118.0 | 118.0b9 | 
118.0.1 | | +| [CVE-2007-3670](https://nvd.nist.gov/vuln/detail/CVE-2007-3670) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2007-2176](https://nvd.nist.gov/vuln/detail/CVE-2007-2176) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2007-1970](https://nvd.nist.gov/vuln/detail/CVE-2007-1970) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2007-1667](https://nvd.nist.gov/vuln/detail/CVE-2007-1667) | imagemagick | | 7.1.1-18 | 7.1.1-18 | 7.1.1.18 | | +| [CVE-2007-0896](https://nvd.nist.gov/vuln/detail/CVE-2007-0896) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | +| [CVE-2003-1492](https://nvd.nist.gov/vuln/detail/CVE-2003-1492) | firefox | | 118.0 | 118.0b9 | 118.0.1 | | 
@@ -317,7 +308,6 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.6943 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | | [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202211 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 7.5 | 9.18.19 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). | -| [CVE-2019-6470](https://nvd.nist.gov/vuln/detail/CVE-2019-6470) | bind | 7.5 | 9.18.16 | Not valid: [link](https://github.com/NixOS/nixpkgs/issues/73617#issuecomment-569491606). | | [CVE-2016-10132](https://nvd.nist.gov/vuln/detail/CVE-2016-10132) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-9294](https://nvd.nist.gov/vuln/detail/CVE-2016-9294) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2016-9136](https://nvd.nist.gov/vuln/detail/CVE-2016-9136) | mujs | 7.5 | 1.3.3 | NVD data issue: CPE entry does not correctly state the version numbers. | 
@@ -348,7 +338,6 @@ Following table lists vulnerabilities that would otherwise have been included to
 | [CVE-2019-14860](https://nvd.nist.gov/vuln/detail/CVE-2019-14860) | fuse | 6.5 | 2.9.9 | Incorrect package: Issue concerns redhat fuse ([link](https://developers.redhat.com/products/fuse/overview)) not libfuse [link](https://github.com/libfuse/libfuse/) which is what 'fuse' package in nixpkgs refers. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives. |
 | [CVE-2019-14587](https://nvd.nist.gov/vuln/detail/CVE-2019-14587) | edk2 | 6.5 | 202211 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2019-12067](https://nvd.nist.gov/vuln/detail/CVE-2019-12067) | qemu | 6.5 | 8.0.5 | NVD data issue: CPE entry does not correctly state the version numbers. |
-| [CVE-2019-12067](https://nvd.nist.gov/vuln/detail/CVE-2019-12067) | qemu | 6.5 | 8.0.4 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2019-6462](https://nvd.nist.gov/vuln/detail/CVE-2019-6462) | cairo | 6.5 | 1.16.0 | Not a valid: [link](https://github.com/NixOS/nixpkgs/pull/218039#issuecomment-1445460129). |
 | [CVE-2019-6461](https://nvd.nist.gov/vuln/detail/CVE-2019-6461) | cairo | 6.5 | 1.16.0 | Not valid: [link](https://github.com/NixOS/nixpkgs/pull/218039#issuecomment-1445460129). |
 | [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) | coreutils | 6.5 | 9.1 | NVD data issue: CPE entry does not correctly state the version numbers. |
@@ -378,14 +367,12 @@ Following table lists vulnerabilities that would otherwise have been included to
 | [CVE-2021-26260](https://nvd.nist.gov/vuln/detail/CVE-2021-26260) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. |
 | [CVE-2021-23215](https://nvd.nist.gov/vuln/detail/CVE-2021-23215) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/commit/4212416433a230334cef0ac122cb8d722746035d) which went to 2.5.5. |
 | [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.0.5 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. |
-| [CVE-2021-20255](https://nvd.nist.gov/vuln/detail/CVE-2021-20255) | qemu | 5.5 | 8.0.4 | Upstream patch not merged: [link](https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg06098.html). No point fixing this in nixpkgs as long as it is not fixed upstream. |
 | [CVE-2021-3605](https://nvd.nist.gov/vuln/detail/CVE-2021-3605) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. |
 | [CVE-2021-3598](https://nvd.nist.gov/vuln/detail/CVE-2021-3598) | openexr | 5.5 | 2.5.8 | False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR [link](https://github.com/AcademySoftwareFoundation/openexr/pull/1040) which went to 2.5.7. |
 | [CVE-2019-20633](https://nvd.nist.gov/vuln/detail/CVE-2019-20633) | patch | 5.5 | 2.7.6 | Upstream patch is not merged: [link](https://savannah.gnu.org/bugs/index.php?56683). Not sure why this isn't fixed upstream. 
No point fixing this in nixpkgs as long as it is not fixed upstream. |
 | [CVE-2019-14562](https://nvd.nist.gov/vuln/detail/CVE-2019-14562) | edk2 | 5.5 | 202211 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2019-6293](https://nvd.nist.gov/vuln/detail/CVE-2019-6293) | flex | 5.5 | 2.6.4 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2018-18438](https://nvd.nist.gov/vuln/detail/CVE-2018-18438) | qemu | 5.5 | 8.0.5 | NVD data issue: CPE entry does not correctly state the version numbers. |
-| [CVE-2018-18438](https://nvd.nist.gov/vuln/detail/CVE-2018-18438) | qemu | 5.5 | 8.0.4 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2016-4493](https://nvd.nist.gov/vuln/detail/CVE-2016-4493) | libiberty | 5.5 | 12.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2016-4491](https://nvd.nist.gov/vuln/detail/CVE-2016-4491) | libiberty | 5.5 | 12.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. |
 | [CVE-2016-4490](https://nvd.nist.gov/vuln/detail/CVE-2016-4490) | libiberty | 5.5 | 12.2.0 | NVD data issue: CPE entry does not correctly state the version numbers. |
@@ -417,7 +404,6 @@ Following table lists vulnerabilities that would otherwise have been included to
 | [OSV-2022-183](https://osv.dev/OSV-2022-183) | binutils | | 2.40 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44864#c2). |
 | [GHSA-mc7w-4cjf-c973](https://osv.dev/GHSA-mc7w-4cjf-c973) | opencv | | 4.7.0 | Incorrect package: Issue refers node-opencv, whereas, nixpkgs refers opencv [link](https://github.com/opencv/opencv). |
 | [OSV-2021-820](https://osv.dev/OSV-2021-820) | qemu | | 8.0.5 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2). |
-| [OSV-2021-820](https://osv.dev/OSV-2021-820) | qemu | | 8.0.4 | Fixed based on [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2). |
 | [OSV-2021-777](https://osv.dev/OSV-2021-777) | libxml2 | | 2.10.4 | Fixed by [link](https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325), which went to 2.9.13. Therefore, this issue is fixed in 2.10.4. |
 | [GHSA-f698-m2v9-5fh3](https://osv.dev/GHSA-f698-m2v9-5fh3) | opencv | | 4.7.0 | Incorrect package: issue refers node-opencv [link](https://www.npmjs.com/package/opencv), whereas nixpkgs refers [link](https://github.com/opencv/opencv). |
 | [CVE-2014-9157](https://nvd.nist.gov/vuln/detail/CVE-2014-9157) | graphviz | | 7.1.0 | NVD data issue: CPE entry does not correctly state the version numbers. |