Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Oct 15, 2023
1 parent 77ecf49 commit 7b8ca87
Showing 5 changed files with 66 additions and 8 deletions.
14 changes: 14 additions & 0 deletions reports/ghaf-23.06/data.csv
Expand Up @@ -10,6 +10,11 @@
https://github.com/NixOS/nixpkgs/pull/258350
https://github.com/NixOS/nixpkgs/pull/259881
https://github.com/NixOS/nixpkgs/pull/260189"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-43788","https://nvd.nist.gov/vuln/detail/CVE-2023-43788","libXpm","5.5","3.5.15","3.5.16","3.5.17","libxpm","2023A0000043788","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-43787","https://nvd.nist.gov/vuln/detail/CVE-2023-43787","libX11","7.8","1.8.4","1.8.6","1.8.7","libx11","2023A0000043787","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-43786","https://nvd.nist.gov/vuln/detail/CVE-2023-43786","libX11","5.5","1.8.4","1.8.6","1.8.7","libx11","2023A0000043786","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-43785","https://nvd.nist.gov/vuln/detail/CVE-2023-43785","libX11","5.5","1.8.4","1.8.6","1.8.7","libx11","2023A0000043785","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-42467","https://nvd.nist.gov/vuln/detail/CVE-2023-42467","qemu","5.5","8.0.0","8.1.1","8.1.1","qemu","2023A0000042467","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256632"
Expand All @@ -27,6 +32,8 @@ https://github.com/NixOS/nixpkgs/pull/258619"
https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39533","https://nvd.nist.gov/vuln/detail/CVE-2023-39533","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.3","go","2023A0000039533","False","It's unclear if the vulnerable go pacakge 'go-libp2p' is actually used by anything Ghaf depends-on. The issue is included here, since NVD CPE refers go compiler 'golang:go' up to version 1.20.6. As soon as the nixpkgs PR that updates to go 1.20.7 (https://github.com/NixOS/nixpkgs/pull/246663) is in Ghaf, this issue should no longer be included in the reports.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/253738
https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","9.8","1.20.4","1.21.1","1.21.3","go","2023A0000039323","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","9.8","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.3","go","2023A0000039323","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.20.4","1.21.1","1.21.3","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/253738
https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.3","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/253738
Expand Down Expand Up @@ -349,6 +356,11 @@ https://github.com/NixOS/nixpkgs/pull/84664"
https://github.com/NixOS/nixpkgs/pull/258350
https://github.com/NixOS/nixpkgs/pull/259881
https://github.com/NixOS/nixpkgs/pull/260189"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-43788","https://nvd.nist.gov/vuln/detail/CVE-2023-43788","libXpm","5.5","3.5.15","3.5.16","3.5.17","libxpm","2023A0000043788","False","","err_not_vulnerable_based_on_repology",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-43787","https://nvd.nist.gov/vuln/detail/CVE-2023-43787","libX11","7.8","1.8.6","1.8.6","1.8.7","libx11","2023A0000043787","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-43786","https://nvd.nist.gov/vuln/detail/CVE-2023-43786","libX11","5.5","1.8.6","1.8.6","1.8.7","libx11","2023A0000043786","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-43785","https://nvd.nist.gov/vuln/detail/CVE-2023-43785","libX11","5.5","1.8.6","1.8.6","1.8.7","libx11","2023A0000043785","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
Expand All @@ -357,6 +369,8 @@ https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39742","https://nvd.nist.gov/vuln/detail/CVE-2023-39742","giflib","5.5","5.2.1","5.2.1","5.2.1","giflib","2023A0000039742","False","","fix_not_available",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39533","https://nvd.nist.gov/vuln/detail/CVE-2023-39533","go","7.5","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.3","go","2023A0000039533","False","It's unclear if the vulnerable go pacakge 'go-libp2p' is actually used by anything Ghaf depends-on. The issue is included here, since NVD CPE refers go compiler 'golang:go' up to version 1.20.6. As soon as the nixpkgs PR that updates to go 1.20.7 (https://github.com/NixOS/nixpkgs/pull/246663) is in Ghaf, this issue should no longer be included in the reports.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/253738
https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","9.8","1.20.8","1.21.1","1.21.3","go","2023A0000039323","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39323","https://nvd.nist.gov/vuln/detail/CVE-2023-39323","go","9.8","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.3","go","2023A0000039323","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39319","https://nvd.nist.gov/vuln/detail/CVE-2023-39319","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.3","go","2023A0000039319","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/253738
https://github.com/NixOS/nixpkgs/pull/259329"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-39318","https://nvd.nist.gov/vuln/detail/CVE-2023-39318","go","6.1","1.17.13-linux-amd64-bootstrap","1.21.1","1.21.3","go","2023A0000039318","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/253738