From 93d532a16aadd9b20d55041ed1472a00362de178 Mon Sep 17 00:00:00 2001 From: henrirosten Date: Sat, 30 Mar 2024 04:02:50 +0000 Subject: [PATCH] Automatic vulnerability report update --- reports/ghaf-23.12/data.csv | 53 ++++++---- ...ges.x86_64-linux.generic-x86_64-release.md | 80 ++++++++++----- reports/ghaf-24.03/data.csv | 53 ++++++---- ...ges.x86_64-linux.generic-x86_64-release.md | 80 ++++++++++----- reports/main/data.csv | 99 ++++++++++++------- ...cv64-linux.microchip-icicle-kit-release.md | 62 +++++++----- ...ges.x86_64-linux.generic-x86_64-release.md | 80 ++++++++++----- 7 files changed, 327 insertions(+), 180 deletions(-) diff --git a/reports/ghaf-23.12/data.csv b/reports/ghaf-23.12/data.csv index 58f9b45..8630ce9 100644 --- a/reports/ghaf-23.12/data.csv +++ b/reports/ghaf-23.12/data.csv @@ -4,9 +4,15 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-29944","https://nvd.nist.gov/vuln/detail/CVE-2024-29944","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000029944","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298090 https://github.com/NixOS/nixpkgs/pull/298102 https://github.com/NixOS/nixpkgs/pull/298196" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-29943","https://nvd.nist.gov/vuln/detail/CVE-2024-29943","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000029943","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298090 +https://github.com/NixOS/nixpkgs/pull/298102" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.2","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.2","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-26283","https://nvd.nist.gov/vuln/detail/CVE-2024-26283","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-26282","https://nvd.nist.gov/vuln/detail/CVE-2024-26282","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026282","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-26281","https://nvd.nist.gov/vuln/detail/CVE-2024-26281","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026281","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-25629","https://nvd.nist.gov/vuln/detail/CVE-2024-25629","c-ares","4.4","1.19.1","1.27.0","1.28.0","c-ares","2024A0000025629","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/291030 +https://github.com/NixOS/nixpkgs/pull/291034" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-25062","https://nvd.nist.gov/vuln/detail/CVE-2024-25062","libxml2","7.5","2.11.5","2.12.5","2.12.6","libxml2","2024A0000025062","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286300 https://github.com/NixOS/nixpkgs/pull/296300" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-24806","https://nvd.nist.gov/vuln/detail/CVE-2024-24806","libuv","7.3","1.46.0","1.48.0","1.48.0","libuv","2024A0000024806","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/287226" @@ -23,17 +29,22 @@ https://github.com/NixOS/nixpkgs/pull/287841" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-22861","https://nvd.nist.gov/vuln/detail/CVE-2024-22861","ffmpeg","7.5","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2048","9.1.0148","9.1.0212","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2048","9.1.0148","9.1.0228","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-22365","https://nvd.nist.gov/vuln/detail/CVE-2024-22365","linux-pam","5.5","1.5.2","","","","2024A0000022365","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/282136" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-21886","https://nvd.nist.gov/vuln/detail/CVE-2024-21886","xorg-server","7.8","21.1.9","21.1.11","21.1.11","xorg-server","2024A0000021886","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-21885","https://nvd.nist.gov/vuln/detail/CVE-2024-21885","xorg-server","7.8","21.1.9","21.1.11","21.1.11","xorg-server","2024A0000021885","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2615","https://nvd.nist.gov/vuln/detail/CVE-2024-2615","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002615","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2614","https://nvd.nist.gov/vuln/detail/CVE-2024-2614","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002614","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2613","https://nvd.nist.gov/vuln/detail/CVE-2024-2613","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002613","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2612","https://nvd.nist.gov/vuln/detail/CVE-2024-2612","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002612","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2611","https://nvd.nist.gov/vuln/detail/CVE-2024-2611","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002611","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2610","https://nvd.nist.gov/vuln/detail/CVE-2024-2610","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002610","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2609","https://nvd.nist.gov/vuln/detail/CVE-2024-2609","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002609","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2608","https://nvd.nist.gov/vuln/detail/CVE-2024-2608","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002608","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2607","https://nvd.nist.gov/vuln/detail/CVE-2024-2607","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002607","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2606","https://nvd.nist.gov/vuln/detail/CVE-2024-2606","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002606","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-2605","https://nvd.nist.gov/vuln/detail/CVE-2024-2605","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002605","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-1580","https://nvd.nist.gov/vuln/detail/CVE-2024-1580","dav1d","5.9","1.2.1","1.4.0","1.4.1","dav1d","2024A0000001580","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/288951 https://github.com/NixOS/nixpkgs/pull/290956" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-1557","https://nvd.nist.gov/vuln/detail/CVE-2024-1557","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000001557","False","","err_not_vulnerable_based_on_repology","" @@ -87,7 +98,7 @@ https://github.com/NixOS/nixpkgs/pull/298090 https://github.com/NixOS/nixpkgs/pull/298125" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0727","https://nvd.nist.gov/vuln/detail/CVE-2024-0727","openssl","5.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2024A0000000727","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.4","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775 https://github.com/NixOS/nixpkgs/pull/297657" @@ -142,21 +153,21 @@ https://github.com/NixOS/nixpkgs/pull/276505 https://github.com/NixOS/nixpkgs/pull/294783 https://github.com/NixOS/nixpkgs/pull/295129 https://github.com/NixOS/nixpkgs/pull/295142" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.2","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292662 https://github.com/NixOS/nixpkgs/pull/294737" @@ -172,12 +183,12 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" @@ -669,6 +680,8 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","current","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","120.0.1","124.0.1","124.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2024A1708041600","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-24474","https://nvd.nist.gov/vuln/detail/CVE-2024-24474","qemu","","8.1.5","8.2.2","8.2.2","qemu","2024A0000024474","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-22862","https://nvd.nist.gov/vuln/detail/CVE-2024-22862","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022862","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-22862","https://nvd.nist.gov/vuln/detail/CVE-2024-22862","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022862","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" @@ -676,11 +689,11 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-22861","https://nvd.nist.gov/vuln/detail/CVE-2024-22861","ffmpeg","7.5","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2116","9.1.0148","9.1.0212","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2116","9.1.0148","9.1.0228","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-22365","https://nvd.nist.gov/vuln/detail/CVE-2024-22365","linux-pam","5.5","1.5.2","","","","2024A0000022365","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/282136" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-0953","https://nvd.nist.gov/vuln/detail/CVE-2024-0953","firefox","6.1","124.0.1","124.0.1","124.0.1","firefox","2024A0000000953","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" @@ -688,7 +701,7 @@ https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.8","1.22.1","1.22.1","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22.1","1.22.1","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0148","9.1.0212","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0148","9.1.0228","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.2","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292662 https://github.com/NixOS/nixpkgs/pull/294737" @@ -697,10 +710,10 @@ https://github.com/NixOS/nixpkgs/pull/294737" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" @@ -1097,8 +1110,10 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","124.0.1","124.0.1","124.0.1","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","lock_updated","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","124.0.1","124.0.1","124.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2024-0953","https://nvd.nist.gov/vuln/detail/CVE-2024-0953","firefox","6.1","124.0.1","124.0.1","124.0.1","firefox","2024A0000000953","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.4","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.4","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.12","nix_unstable","CVE-2024-0450","https://nvd.nist.gov/vuln/detail/CVE-2024-0450","python","6.2","2.7.18.7","3.12.2","3.12.2","python","2024A0000000450","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298006 https://github.com/NixOS/nixpkgs/pull/299123 https://github.com/NixOS/nixpkgs/pull/299125" diff --git a/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md index 148b371..1a319b6 100644 --- a/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.12/packages.x86_64-linux.generic-x86_64-release.md @@ -105,37 +105,44 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.1 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-5680](https://nvd.nist.gov/vuln/detail/CVE-2023-5680) | bind | 5.3 | 9.18.19 | 9.18.25 | 9.18.25 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | | [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-29944](https://nvd.nist.gov/vuln/detail/CVE-2024-29944) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102), [PR](https://github.com/NixOS/nixpkgs/pull/298196)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | | [CVE-2024-26283](https://nvd.nist.gov/vuln/detail/CVE-2024-26283) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26282](https://nvd.nist.gov/vuln/detail/CVE-2024-26282) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26281](https://nvd.nist.gov/vuln/detail/CVE-2024-26281) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2614](https://nvd.nist.gov/vuln/detail/CVE-2024-2614) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2612](https://nvd.nist.gov/vuln/detail/CVE-2024-2612) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2611](https://nvd.nist.gov/vuln/detail/CVE-2024-2611) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2610](https://nvd.nist.gov/vuln/detail/CVE-2024-2610) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2608](https://nvd.nist.gov/vuln/detail/CVE-2024-2608) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2607](https://nvd.nist.gov/vuln/detail/CVE-2024-2607) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1557](https://nvd.nist.gov/vuln/detail/CVE-2024-1557) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1556](https://nvd.nist.gov/vuln/detail/CVE-2024-1556) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1555](https://nvd.nist.gov/vuln/detail/CVE-2024-1555) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | @@ -167,7 +174,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3.1 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | @@ -177,7 +184,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.1.5 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | @@ -193,9 +200,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489), [PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.5 | 8.2.2 | 8.2.2 | | | [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | @@ -213,7 +220,19 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -```No vulnerabilities``` + +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| +| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | + ## All Vulnerabilities Impacting Ghaf @@ -270,7 +289,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.22.1 | 1.22.1 | | | [CVE-2024-0985](https://nvd.nist.gov/vuln/detail/CVE-2024-0985) | postgresql | 8.0 | 15.5 | 16.2 | 16.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/287353)]* | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2024-21886](https://nvd.nist.gov/vuln/detail/CVE-2024-21886) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2024-21885](https://nvd.nist.gov/vuln/detail/CVE-2024-21885) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | @@ -351,7 +370,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.5 | 2.12.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/286300), [PR](https://github.com/NixOS/nixpkgs/pull/296300)]* | | [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | @@ -419,7 +438,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | | [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) | openssl | 5.5 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.4 | | +| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/299945)]* | | [CVE-2024-0408](https://nvd.nist.gov/vuln/detail/CVE-2024-0408) | xorg-server | 5.5 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | @@ -427,7 +446,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -464,7 +483,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.29 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.44.0 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 124.0.1 | 124.0.1 | | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.1 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | | [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.14 | 2.15 | 2.15 | | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | @@ -476,22 +496,24 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.22.1 | 1.22.1 | | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.22.1 | 1.22.1 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | | [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 124.0.1 | 124.0.1 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | | [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | @@ -502,16 +524,22 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | | [CVE-2024-29944](https://nvd.nist.gov/vuln/detail/CVE-2024-29944) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102), [PR](https://github.com/NixOS/nixpkgs/pull/298196)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | | [CVE-2024-26283](https://nvd.nist.gov/vuln/detail/CVE-2024-26283) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26282](https://nvd.nist.gov/vuln/detail/CVE-2024-26282) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26281](https://nvd.nist.gov/vuln/detail/CVE-2024-26281) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.3 | 8.2.2 | 8.2.2 | | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2614](https://nvd.nist.gov/vuln/detail/CVE-2024-2614) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2612](https://nvd.nist.gov/vuln/detail/CVE-2024-2612) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2611](https://nvd.nist.gov/vuln/detail/CVE-2024-2611) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2610](https://nvd.nist.gov/vuln/detail/CVE-2024-2610) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2608](https://nvd.nist.gov/vuln/detail/CVE-2024-2608) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2607](https://nvd.nist.gov/vuln/detail/CVE-2024-2607) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1557](https://nvd.nist.gov/vuln/detail/CVE-2024-1557) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1556](https://nvd.nist.gov/vuln/detail/CVE-2024-1556) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1555](https://nvd.nist.gov/vuln/detail/CVE-2024-1555) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | diff --git a/reports/ghaf-24.03/data.csv b/reports/ghaf-24.03/data.csv index d823074..a7ac6b8 100644 --- a/reports/ghaf-24.03/data.csv +++ b/reports/ghaf-24.03/data.csv @@ -4,9 +4,15 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-29944","https://nvd.nist.gov/vuln/detail/CVE-2024-29944","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000029944","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298090 https://github.com/NixOS/nixpkgs/pull/298102 https://github.com/NixOS/nixpkgs/pull/298196" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-29943","https://nvd.nist.gov/vuln/detail/CVE-2024-29943","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000029943","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298090 +https://github.com/NixOS/nixpkgs/pull/298102" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.2","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.2","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-26283","https://nvd.nist.gov/vuln/detail/CVE-2024-26283","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-26282","https://nvd.nist.gov/vuln/detail/CVE-2024-26282","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026282","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-26281","https://nvd.nist.gov/vuln/detail/CVE-2024-26281","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026281","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-25629","https://nvd.nist.gov/vuln/detail/CVE-2024-25629","c-ares","4.4","1.19.1","1.27.0","1.28.0","c-ares","2024A0000025629","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/291030 +https://github.com/NixOS/nixpkgs/pull/291034" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-25062","https://nvd.nist.gov/vuln/detail/CVE-2024-25062","libxml2","7.5","2.11.5","2.12.5","2.12.6","libxml2","2024A0000025062","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286300 https://github.com/NixOS/nixpkgs/pull/296300" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-24806","https://nvd.nist.gov/vuln/detail/CVE-2024-24806","libuv","7.3","1.46.0","1.48.0","1.48.0","libuv","2024A0000024806","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/287226" @@ -23,17 +29,22 @@ https://github.com/NixOS/nixpkgs/pull/287841" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-22861","https://nvd.nist.gov/vuln/detail/CVE-2024-22861","ffmpeg","7.5","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2048","9.1.0148","9.1.0212","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2048","9.1.0148","9.1.0228","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-22365","https://nvd.nist.gov/vuln/detail/CVE-2024-22365","linux-pam","5.5","1.5.2","","","","2024A0000022365","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/282136" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-21886","https://nvd.nist.gov/vuln/detail/CVE-2024-21886","xorg-server","7.8","21.1.9","21.1.11","21.1.11","xorg-server","2024A0000021886","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-21885","https://nvd.nist.gov/vuln/detail/CVE-2024-21885","xorg-server","7.8","21.1.9","21.1.11","21.1.11","xorg-server","2024A0000021885","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2615","https://nvd.nist.gov/vuln/detail/CVE-2024-2615","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002615","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2614","https://nvd.nist.gov/vuln/detail/CVE-2024-2614","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002614","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2613","https://nvd.nist.gov/vuln/detail/CVE-2024-2613","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002613","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2612","https://nvd.nist.gov/vuln/detail/CVE-2024-2612","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002612","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2611","https://nvd.nist.gov/vuln/detail/CVE-2024-2611","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002611","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2610","https://nvd.nist.gov/vuln/detail/CVE-2024-2610","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002610","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2609","https://nvd.nist.gov/vuln/detail/CVE-2024-2609","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002609","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2608","https://nvd.nist.gov/vuln/detail/CVE-2024-2608","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002608","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2607","https://nvd.nist.gov/vuln/detail/CVE-2024-2607","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002607","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2606","https://nvd.nist.gov/vuln/detail/CVE-2024-2606","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002606","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-2605","https://nvd.nist.gov/vuln/detail/CVE-2024-2605","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002605","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-1580","https://nvd.nist.gov/vuln/detail/CVE-2024-1580","dav1d","5.9","1.2.1","1.4.0","1.4.1","dav1d","2024A0000001580","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/288951 https://github.com/NixOS/nixpkgs/pull/290956" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-1557","https://nvd.nist.gov/vuln/detail/CVE-2024-1557","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000001557","False","","err_not_vulnerable_based_on_repology","" @@ -87,7 +98,7 @@ https://github.com/NixOS/nixpkgs/pull/298090 https://github.com/NixOS/nixpkgs/pull/298125" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-0727","https://nvd.nist.gov/vuln/detail/CVE-2024-0727","openssl","5.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2024A0000000727","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.4","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775 https://github.com/NixOS/nixpkgs/pull/297657" @@ -142,21 +153,21 @@ https://github.com/NixOS/nixpkgs/pull/276505 https://github.com/NixOS/nixpkgs/pull/294783 https://github.com/NixOS/nixpkgs/pull/295129 https://github.com/NixOS/nixpkgs/pull/295142" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.2","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292662 https://github.com/NixOS/nixpkgs/pull/294737" @@ -172,12 +183,12 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" @@ -669,6 +680,8 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","current","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","120.0.1","124.0.1","124.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2024A1708041600","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-24474","https://nvd.nist.gov/vuln/detail/CVE-2024-24474","qemu","","8.1.5","8.2.2","8.2.2","qemu","2024A0000024474","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-22862","https://nvd.nist.gov/vuln/detail/CVE-2024-22862","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022862","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-22862","https://nvd.nist.gov/vuln/detail/CVE-2024-22862","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022862","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" @@ -676,11 +689,11 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-22861","https://nvd.nist.gov/vuln/detail/CVE-2024-22861","ffmpeg","7.5","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2116","9.1.0148","9.1.0212","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2116","9.1.0148","9.1.0228","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-22365","https://nvd.nist.gov/vuln/detail/CVE-2024-22365","linux-pam","5.5","1.5.2","","","","2024A0000022365","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/282136" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-0953","https://nvd.nist.gov/vuln/detail/CVE-2024-0953","firefox","6.1","124.0.1","124.0.1","124.0.1","firefox","2024A0000000953","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" @@ -688,7 +701,7 @@ https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.8","1.22.1","1.22.1","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22.1","1.22.1","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0148","9.1.0212","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0148","9.1.0228","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.2","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292662 https://github.com/NixOS/nixpkgs/pull/294737" @@ -697,10 +710,10 @@ https://github.com/NixOS/nixpkgs/pull/294737" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" @@ -1097,8 +1110,10 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","124.0.1","124.0.1","124.0.1","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","lock_updated","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","124.0.1","124.0.1","124.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","nix_unstable","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","nix_unstable","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","nix_unstable","CVE-2024-0953","https://nvd.nist.gov/vuln/detail/CVE-2024-0953","firefox","6.1","124.0.1","124.0.1","124.0.1","firefox","2024A0000000953","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","nix_unstable","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.4","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","nix_unstable","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.4","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-24.03","nix_unstable","CVE-2024-0450","https://nvd.nist.gov/vuln/detail/CVE-2024-0450","python","6.2","2.7.18.7","3.12.2","3.12.2","python","2024A0000000450","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298006 https://github.com/NixOS/nixpkgs/pull/299123 https://github.com/NixOS/nixpkgs/pull/299125" diff --git a/reports/ghaf-24.03/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-24.03/packages.x86_64-linux.generic-x86_64-release.md index 666c59e..6532c97 100644 --- a/reports/ghaf-24.03/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-24.03/packages.x86_64-linux.generic-x86_64-release.md @@ -105,37 +105,44 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.1 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-5680](https://nvd.nist.gov/vuln/detail/CVE-2023-5680) | bind | 5.3 | 9.18.19 | 9.18.25 | 9.18.25 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | | [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-29944](https://nvd.nist.gov/vuln/detail/CVE-2024-29944) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102), [PR](https://github.com/NixOS/nixpkgs/pull/298196)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | | [CVE-2024-26283](https://nvd.nist.gov/vuln/detail/CVE-2024-26283) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26282](https://nvd.nist.gov/vuln/detail/CVE-2024-26282) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26281](https://nvd.nist.gov/vuln/detail/CVE-2024-26281) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2614](https://nvd.nist.gov/vuln/detail/CVE-2024-2614) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2612](https://nvd.nist.gov/vuln/detail/CVE-2024-2612) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2611](https://nvd.nist.gov/vuln/detail/CVE-2024-2611) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2610](https://nvd.nist.gov/vuln/detail/CVE-2024-2610) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2608](https://nvd.nist.gov/vuln/detail/CVE-2024-2608) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2607](https://nvd.nist.gov/vuln/detail/CVE-2024-2607) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1557](https://nvd.nist.gov/vuln/detail/CVE-2024-1557) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1556](https://nvd.nist.gov/vuln/detail/CVE-2024-1556) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1555](https://nvd.nist.gov/vuln/detail/CVE-2024-1555) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | @@ -167,7 +174,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3.1 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | @@ -177,7 +184,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.1.5 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | @@ -193,9 +200,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489), [PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.5 | 8.2.2 | 8.2.2 | | | [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | @@ -213,7 +220,19 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -```No vulnerabilities``` + +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| +| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | + ## All Vulnerabilities Impacting Ghaf @@ -270,7 +289,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.22.1 | 1.22.1 | | | [CVE-2024-0985](https://nvd.nist.gov/vuln/detail/CVE-2024-0985) | postgresql | 8.0 | 15.5 | 16.2 | 16.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/287353)]* | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2024-21886](https://nvd.nist.gov/vuln/detail/CVE-2024-21886) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2024-21885](https://nvd.nist.gov/vuln/detail/CVE-2024-21885) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | @@ -351,7 +370,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.5 | 2.12.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/286300), [PR](https://github.com/NixOS/nixpkgs/pull/296300)]* | | [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | @@ -419,7 +438,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | | [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) | openssl | 5.5 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.4 | | +| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/299945)]* | | [CVE-2024-0408](https://nvd.nist.gov/vuln/detail/CVE-2024-0408) | xorg-server | 5.5 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | @@ -427,7 +446,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -464,7 +483,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.29 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.44.0 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 124.0.1 | 124.0.1 | | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.1 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | | [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.14 | 2.15 | 2.15 | | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | @@ -476,22 +496,24 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.22.1 | 1.22.1 | | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.22.1 | 1.22.1 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | | [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 124.0.1 | 124.0.1 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | | [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | @@ -502,16 +524,22 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | | [CVE-2024-29944](https://nvd.nist.gov/vuln/detail/CVE-2024-29944) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102), [PR](https://github.com/NixOS/nixpkgs/pull/298196)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | | [CVE-2024-26283](https://nvd.nist.gov/vuln/detail/CVE-2024-26283) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26282](https://nvd.nist.gov/vuln/detail/CVE-2024-26282) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26281](https://nvd.nist.gov/vuln/detail/CVE-2024-26281) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.3 | 8.2.2 | 8.2.2 | | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2614](https://nvd.nist.gov/vuln/detail/CVE-2024-2614) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2612](https://nvd.nist.gov/vuln/detail/CVE-2024-2612) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2611](https://nvd.nist.gov/vuln/detail/CVE-2024-2611) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2610](https://nvd.nist.gov/vuln/detail/CVE-2024-2610) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2608](https://nvd.nist.gov/vuln/detail/CVE-2024-2608) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2607](https://nvd.nist.gov/vuln/detail/CVE-2024-2607) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1557](https://nvd.nist.gov/vuln/detail/CVE-2024-1557) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1556](https://nvd.nist.gov/vuln/detail/CVE-2024-1556) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1555](https://nvd.nist.gov/vuln/detail/CVE-2024-1555) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | diff --git a/reports/main/data.csv b/reports/main/data.csv index 1f92bd4..4dffbd7 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -4,9 +4,15 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-29944","https://nvd.nist.gov/vuln/detail/CVE-2024-29944","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000029944","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298090 https://github.com/NixOS/nixpkgs/pull/298102 https://github.com/NixOS/nixpkgs/pull/298196" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-29943","https://nvd.nist.gov/vuln/detail/CVE-2024-29943","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000029943","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298090 +https://github.com/NixOS/nixpkgs/pull/298102" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.2","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.2","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-26283","https://nvd.nist.gov/vuln/detail/CVE-2024-26283","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026283","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-26282","https://nvd.nist.gov/vuln/detail/CVE-2024-26282","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026282","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-26281","https://nvd.nist.gov/vuln/detail/CVE-2024-26281","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000026281","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-25629","https://nvd.nist.gov/vuln/detail/CVE-2024-25629","c-ares","4.4","1.19.1","1.27.0","1.28.0","c-ares","2024A0000025629","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/291030 +https://github.com/NixOS/nixpkgs/pull/291034" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-25062","https://nvd.nist.gov/vuln/detail/CVE-2024-25062","libxml2","7.5","2.11.5","2.12.5","2.12.6","libxml2","2024A0000025062","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286300 https://github.com/NixOS/nixpkgs/pull/296300" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-24806","https://nvd.nist.gov/vuln/detail/CVE-2024-24806","libuv","7.3","1.46.0","1.48.0","1.48.0","libuv","2024A0000024806","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/287226" @@ -23,17 +29,22 @@ https://github.com/NixOS/nixpkgs/pull/287841" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22861","https://nvd.nist.gov/vuln/detail/CVE-2024-22861","ffmpeg","7.5","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2048","9.1.0148","9.1.0212","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2048","9.1.0148","9.1.0228","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22365","https://nvd.nist.gov/vuln/detail/CVE-2024-22365","linux-pam","5.5","1.5.2","","","","2024A0000022365","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/282136" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-21886","https://nvd.nist.gov/vuln/detail/CVE-2024-21886","xorg-server","7.8","21.1.9","21.1.11","21.1.11","xorg-server","2024A0000021886","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-21885","https://nvd.nist.gov/vuln/detail/CVE-2024-21885","xorg-server","7.8","21.1.9","21.1.11","21.1.11","xorg-server","2024A0000021885","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2615","https://nvd.nist.gov/vuln/detail/CVE-2024-2615","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002615","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2614","https://nvd.nist.gov/vuln/detail/CVE-2024-2614","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002614","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2613","https://nvd.nist.gov/vuln/detail/CVE-2024-2613","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002613","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2612","https://nvd.nist.gov/vuln/detail/CVE-2024-2612","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002612","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2611","https://nvd.nist.gov/vuln/detail/CVE-2024-2611","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002611","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2610","https://nvd.nist.gov/vuln/detail/CVE-2024-2610","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002610","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2609","https://nvd.nist.gov/vuln/detail/CVE-2024-2609","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002609","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2608","https://nvd.nist.gov/vuln/detail/CVE-2024-2608","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002608","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2607","https://nvd.nist.gov/vuln/detail/CVE-2024-2607","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002607","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2606","https://nvd.nist.gov/vuln/detail/CVE-2024-2606","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002606","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-2605","https://nvd.nist.gov/vuln/detail/CVE-2024-2605","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000002605","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-1580","https://nvd.nist.gov/vuln/detail/CVE-2024-1580","dav1d","5.9","1.2.1","1.4.0","1.4.1","dav1d","2024A0000001580","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/288951 https://github.com/NixOS/nixpkgs/pull/290956" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-1557","https://nvd.nist.gov/vuln/detail/CVE-2024-1557","firefox","","120.0.1","124.0.1","124.0.1","firefox","2024A0000001557","False","","err_not_vulnerable_based_on_repology","" @@ -87,7 +98,7 @@ https://github.com/NixOS/nixpkgs/pull/298090 https://github.com/NixOS/nixpkgs/pull/298125" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0727","https://nvd.nist.gov/vuln/detail/CVE-2024-0727","openssl","5.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2024A0000000727","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.4","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775 https://github.com/NixOS/nixpkgs/pull/297657" @@ -142,21 +153,21 @@ https://github.com/NixOS/nixpkgs/pull/276505 https://github.com/NixOS/nixpkgs/pull/294783 https://github.com/NixOS/nixpkgs/pull/295129 https://github.com/NixOS/nixpkgs/pull/295142" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.2","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292662 https://github.com/NixOS/nixpkgs/pull/294737" @@ -172,12 +183,12 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" @@ -669,6 +680,8 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","120.0.1","124.0.1","124.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2024A1708041600","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-24474","https://nvd.nist.gov/vuln/detail/CVE-2024-24474","qemu","","8.1.5","8.2.2","8.2.2","qemu","2024A0000024474","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22862","https://nvd.nist.gov/vuln/detail/CVE-2024-22862","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022862","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22862","https://nvd.nist.gov/vuln/detail/CVE-2024-22862","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022862","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" @@ -676,11 +689,11 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22861","https://nvd.nist.gov/vuln/detail/CVE-2024-22861","ffmpeg","7.5","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022861","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","6.0","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22860","https://nvd.nist.gov/vuln/detail/CVE-2024-22860","ffmpeg","9.8","4.4.4","6.1.1","6.1.1","ffmpeg","2024A0000022860","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2116","9.1.0148","9.1.0212","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2116","9.1.0148","9.1.0228","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22365","https://nvd.nist.gov/vuln/detail/CVE-2024-22365","linux-pam","5.5","1.5.2","","","","2024A0000022365","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/282136" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0953","https://nvd.nist.gov/vuln/detail/CVE-2024-0953","firefox","6.1","124.0.1","124.0.1","124.0.1","firefox","2024A0000000953","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-6898-wx94-8jq8","https://osv.dev/GHSA-6898-wx94-8jq8","libnotify","","0.8.3","","","","2023A1694131200","True","Incorrect package: Issue refers node-libnotify https://github.com/mytrile/node-libnotify, whereas nixpkgs refers gnome-libnotify https://gitlab.gnome.org/GNOME/libnotify.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" @@ -688,7 +701,7 @@ https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.8","1.22.1","1.22.1","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.22.1","1.22.1","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0148","9.1.0212","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0148","9.1.0228","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.2","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292662 https://github.com/NixOS/nixpkgs/pull/294737" @@ -697,10 +710,10 @@ https://github.com/NixOS/nixpkgs/pull/294737" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.1.1","6.1.1","ffmpeg","2023A0000046407","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292998" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" @@ -1097,8 +1110,10 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-0896","https://nvd.nist.gov/vuln/detail/CVE-2007-0896","firefox","","124.0.1","124.0.1","124.0.1","firefox","2007A0000000896","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2003-1492","https://nvd.nist.gov/vuln/detail/CVE-2003-1492","firefox","","124.0.1","124.0.1","124.0.1","firefox","2003A0000001492","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0953","https://nvd.nist.gov/vuln/detail/CVE-2024-0953","firefox","6.1","124.0.1","124.0.1","124.0.1","firefox","2024A0000000953","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.4","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.4","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0450","https://nvd.nist.gov/vuln/detail/CVE-2024-0450","python","6.2","2.7.18.7","3.12.2","3.12.2","python","2024A0000000450","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298006 https://github.com/NixOS/nixpkgs/pull/299123 https://github.com/NixOS/nixpkgs/pull/299125" @@ -1516,18 +1531,22 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-1999-0475","https://nvd.nist.gov/vuln/detail/CVE-1999-0475","procmail","","3.24","3.24","3.24","procmail","1999A0000000475","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2024A1708041600","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.2","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.2","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-25629","https://nvd.nist.gov/vuln/detail/CVE-2024-25629","c-ares","4.4","1.19.1","1.27.0","1.28.0","c-ares","2024A0000025629","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/291030 +https://github.com/NixOS/nixpkgs/pull/291034" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-25062","https://nvd.nist.gov/vuln/detail/CVE-2024-25062","libxml2","7.5","2.11.5","2.12.5","2.12.6","libxml2","2024A0000025062","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286300 https://github.com/NixOS/nixpkgs/pull/296300" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-24806","https://nvd.nist.gov/vuln/detail/CVE-2024-24806","libuv","7.3","1.46.0","1.48.0","1.48.0","libuv","2024A0000024806","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/287226" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-24474","https://nvd.nist.gov/vuln/detail/CVE-2024-24474","qemu","","8.1.3","8.2.2","8.2.2","qemu","2024A0000024474","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2048","9.1.0148","9.1.0212","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2048","9.1.0148","9.1.0228","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-22365","https://nvd.nist.gov/vuln/detail/CVE-2024-22365","linux-pam","5.5","1.5.2","","","","2024A0000022365","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/282136" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-1580","https://nvd.nist.gov/vuln/detail/CVE-2024-1580","dav1d","5.9","1.2.1","1.4.0","1.4.1","dav1d","2024A0000001580","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/288951 https://github.com/NixOS/nixpkgs/pull/290956" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0727","https://nvd.nist.gov/vuln/detail/CVE-2024-0727","openssl","5.5","3.0.12","3.2.0","3.2.0","ruby:openssl","2024A0000000727","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/285019 https://github.com/NixOS/nixpkgs/pull/285027" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2024-0567","https://nvd.nist.gov/vuln/detail/CVE-2024-0567","gnutls","7.5","3.8.2","3.8.3","3.8.4","gnutls","2024A0000000567","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/281471 https://github.com/NixOS/nixpkgs/pull/281775 https://github.com/NixOS/nixpkgs/pull/297657" @@ -1566,32 +1585,32 @@ https://github.com/NixOS/nixpkgs/pull/276505 https://github.com/NixOS/nixpkgs/pull/294783 https://github.com/NixOS/nixpkgs/pull/295129 https://github.com/NixOS/nixpkgs/pull/295142" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.2","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292662 https://github.com/NixOS/nixpkgs/pull/294737" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47100","https://nvd.nist.gov/vuln/detail/CVE-2023-47100","perl","9.8","5.38.0","5.38.2","5.38.2","perl","2023A0000047100","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269996 https://github.com/NixOS/nixpkgs/pull/271223" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0148","9.1.0212","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.1.0148","9.1.0228","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" @@ -1761,23 +1780,25 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2024A1708041600","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-24474","https://nvd.nist.gov/vuln/detail/CVE-2024-24474","qemu","","8.1.5","8.2.2","8.2.2","qemu","2024A0000024474","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2116","9.1.0148","9.1.0212","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22667","https://nvd.nist.gov/vuln/detail/CVE-2024-22667","vim","7.8","9.0.2116","9.1.0148","9.1.0228","vim","2024A0000022667","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-22365","https://nvd.nist.gov/vuln/detail/CVE-2024-22365","linux-pam","5.5","1.5.2","","","","2024A0000022365","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/282136" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.3","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-52356","https://nvd.nist.gov/vuln/detail/CVE-2023-52356","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052356","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-52355","https://nvd.nist.gov/vuln/detail/CVE-2023-52355","libtiff","7.5","4.6.0","4.6.0","4.6.0","tiff","2023A0000052355","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-51258","https://nvd.nist.gov/vuln/detail/CVE-2023-51258","yasm","5.5","1.3.0","1.3.0","1.3.0","yasm","2023A0000051258","False","","fix_not_available","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0148","9.1.0212","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.1.0148","9.1.0228","vim","2023A0000048706","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/291707 https://github.com/NixOS/nixpkgs/pull/298863" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.2","5.2.2","giflib","2023A0000048161","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/292662 https://github.com/NixOS/nixpkgs/pull/294737" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046219","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.6.0","8.7.1_2","curl","2023A0000046218","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/285295 https://github.com/NixOS/nixpkgs/pull/288071 https://github.com/NixOS/nixpkgs/pull/299580" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46045","https://nvd.nist.gov/vuln/detail/CVE-2023-46045","graphviz","7.8","9.0.0","10.0.1","10.0.1","graphviz","2023A0000046045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/288188" @@ -1937,7 +1958,9 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","12.3.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1707782400","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.4","9.4","9.4","coreutils","2024A0000000684","False","","fix_not_available","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-28835","https://nvd.nist.gov/vuln/detail/CVE-2024-28835","gnutls","5","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028835","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-28834","https://nvd.nist.gov/vuln/detail/CVE-2024-28834","gnutls","5.3","3.8.3","3.8.3","3.8.4","gnutls","2024A0000028834","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298806" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0684","https://nvd.nist.gov/vuln/detail/CVE-2024-0684","coreutils","5.5","9.4","9.4","9.5","coreutils","2024A0000000684","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/299945" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-0450","https://nvd.nist.gov/vuln/detail/CVE-2024-0450","python","6.2","2.7.18.7","3.12.2","3.12.2","python","2024A0000000450","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/298006 https://github.com/NixOS/nixpkgs/pull/299123 https://github.com/NixOS/nixpkgs/pull/299125" diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index fac2019..1279326 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md @@ -50,16 +50,17 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-5680](https://nvd.nist.gov/vuln/detail/CVE-2023-5680) | bind | 5.3 | 9.18.19 | 9.18.25 | 9.18.25 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | ## Vulnerabilities Fixed in nix-unstable @@ -75,22 +76,22 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base |-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3.1 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | | [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 2.5.8 | 3.2.2 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288214), [PR](https://github.com/NixOS/nixpkgs/pull/289291), [PR](https://github.com/NixOS/nixpkgs/pull/291549)]* | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4-r4.cabal | 2.2.5 | 2.2.5 | | | [CVE-2021-43138](https://nvd.nist.gov/vuln/detail/CVE-2021-43138) | async | 7.8 | 2.2.4 | 2.2.5 | 2.2.5 | | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.1.5 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | | [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489), [PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.5 | 8.2.2 | 8.2.2 | | | [OSV-2023-675](https://osv.dev/OSV-2023-675) | flac | | 1.4.3 | 1.4.3 | 1.4.3 | | @@ -107,7 +108,13 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -```No vulnerabilities``` + +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| +| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | + ## All Vulnerabilities Impacting Ghaf @@ -125,7 +132,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.9.0 | 0.9.0 | 0.10.0 | | | [CVE-2023-5841](https://nvd.nist.gov/vuln/detail/CVE-2023-5841) | openexr | 9.1 | 2.5.8 | 3.2.2 | 3.2.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288214), [PR](https://github.com/NixOS/nixpkgs/pull/289291), [PR](https://github.com/NixOS/nixpkgs/pull/291549)]* | | [CVE-2023-2680](https://nvd.nist.gov/vuln/detail/CVE-2023-2680) | qemu | 8.2 | 8.1.3 | 8.2.2 | 8.2.2 | | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | | [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | glibc | 7.8 | 2.38-27 | 2.38-44 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/285587), [PR](https://github.com/NixOS/nixpkgs/pull/285588), [PR](https://github.com/NixOS/nixpkgs/pull/287594)]* | | [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | glibc | 7.8 | 2.38-27 | 2.38-44 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258972), [PR](https://github.com/NixOS/nixpkgs/pull/258975), [PR](https://github.com/NixOS/nixpkgs/pull/259039), [PR](https://github.com/NixOS/nixpkgs/pull/287594)]* | @@ -149,7 +156,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.3 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.5 | 2.12.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/286300), [PR](https://github.com/NixOS/nixpkgs/pull/296300)]* | | [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.43.4 | 0.43.4 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | | [CVE-2023-6683](https://nvd.nist.gov/vuln/detail/CVE-2023-6683) | qemu | 6.5 | 8.1.3 | 8.2.2 | 8.2.2 | | @@ -165,12 +172,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-48795](https://nvd.nist.gov/vuln/detail/CVE-2023-48795) | libssh2 | 5.9 | 1.11.0 | 1.11.0 | 1.11.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275641), [PR](https://github.com/NixOS/nixpkgs/pull/276505), [PR](https://github.com/NixOS/nixpkgs/pull/294783), [PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295142)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | | [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) | openssl | 5.5 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.4 | | +| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/299945)]* | | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -182,21 +189,24 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-6992](https://nvd.nist.gov/vuln/detail/CVE-2023-6992) | zlib | 5.5 | 1.3 | 1.3.1 | 1.3.1 | | | [CVE-2023-6228](https://nvd.nist.gov/vuln/detail/CVE-2023-6228) | libtiff | 5.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.44.0 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.14 | 2.15 | 2.15 | | | [CVE-2023-6780](https://nvd.nist.gov/vuln/detail/CVE-2023-6780) | glibc | 5.3 | 2.38-27 | 2.38-44 | 2.39 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285050), [PR](https://github.com/NixOS/nixpkgs/pull/285329), [PR](https://github.com/NixOS/nixpkgs/pull/287594)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.3 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489), [PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | | [CVE-2023-5680](https://nvd.nist.gov/vuln/detail/CVE-2023-5680) | bind | 5.3 | 9.18.19 | 9.18.25 | 9.18.25 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | +| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | | [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.3 | 8.2.2 | 8.2.2 | | diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index f657e03..11dca7b 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md @@ -105,37 +105,44 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-50268](https://nvd.nist.gov/vuln/detail/CVE-2023-50268) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.1 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-6857](https://nvd.nist.gov/vuln/detail/CVE-2023-6857) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-5680](https://nvd.nist.gov/vuln/detail/CVE-2023-5680) | bind | 5.3 | 9.18.19 | 9.18.25 | 9.18.25 | | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | | [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6135](https://nvd.nist.gov/vuln/detail/CVE-2023-6135) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275441), [PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-29944](https://nvd.nist.gov/vuln/detail/CVE-2024-29944) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102), [PR](https://github.com/NixOS/nixpkgs/pull/298196)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | | [CVE-2024-26283](https://nvd.nist.gov/vuln/detail/CVE-2024-26283) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26282](https://nvd.nist.gov/vuln/detail/CVE-2024-26282) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26281](https://nvd.nist.gov/vuln/detail/CVE-2024-26281) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2614](https://nvd.nist.gov/vuln/detail/CVE-2024-2614) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2612](https://nvd.nist.gov/vuln/detail/CVE-2024-2612) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2611](https://nvd.nist.gov/vuln/detail/CVE-2024-2611) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2610](https://nvd.nist.gov/vuln/detail/CVE-2024-2610) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2608](https://nvd.nist.gov/vuln/detail/CVE-2024-2608) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2607](https://nvd.nist.gov/vuln/detail/CVE-2024-2607) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1557](https://nvd.nist.gov/vuln/detail/CVE-2024-1557) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1556](https://nvd.nist.gov/vuln/detail/CVE-2024-1556) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1555](https://nvd.nist.gov/vuln/detail/CVE-2024-1555) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | @@ -167,7 +174,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2024-22860](https://nvd.nist.gov/vuln/detail/CVE-2024-22860) | ffmpeg | 9.8 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.3 | 1.3.1 | 1.3.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083), [PR](https://github.com/NixOS/nixpkgs/pull/283179)]* | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2116 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-46045](https://nvd.nist.gov/vuln/detail/CVE-2023-46045) | graphviz | 7.8 | 9.0.0 | 10.0.1 | 10.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/288188)]* | @@ -177,7 +184,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2024-22861](https://nvd.nist.gov/vuln/detail/CVE-2024-22861) | ffmpeg | 7.5 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.2 | 5.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292662), [PR](https://github.com/NixOS/nixpkgs/pull/294737)]* | | [CVE-2023-5088](https://nvd.nist.gov/vuln/detail/CVE-2023-5088) | qemu | 7.0 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.1.5 | 8.2.2 | 8.2.2 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). *[[PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | @@ -193,9 +200,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.41 | 2.42 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283732)]* | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-6693](https://nvd.nist.gov/vuln/detail/CVE-2023-6693) | qemu | 5.3 | 8.1.5 | 8.2.2 | 8.2.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/284249), [PR](https://github.com/NixOS/nixpkgs/pull/284489), [PR](https://github.com/NixOS/nixpkgs/pull/293594), [PR](https://github.com/NixOS/nixpkgs/pull/298097)]* | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2116 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.5 | 8.2.2 | 8.2.2 | | | [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.2 | 0.21.2 | | @@ -213,7 +220,19 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -```No vulnerabilities``` + +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| +| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | + ## All Vulnerabilities Impacting Ghaf @@ -270,7 +289,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-43887](https://nvd.nist.gov/vuln/detail/CVE-2023-43887) | libde265 | 8.1 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643), [PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 8.1 | 1.21.0-linux-amd | 1.22.1 | 1.22.1 | | | [CVE-2024-0985](https://nvd.nist.gov/vuln/detail/CVE-2024-0985) | postgresql | 8.0 | 15.5 | 16.2 | 16.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/287353)]* | -| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-22667](https://nvd.nist.gov/vuln/detail/CVE-2024-22667) | vim | 7.8 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2024-21886](https://nvd.nist.gov/vuln/detail/CVE-2024-21886) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2024-21885](https://nvd.nist.gov/vuln/detail/CVE-2024-21885) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2024-0409](https://nvd.nist.gov/vuln/detail/CVE-2024-0409) | xorg-server | 7.8 | 21.1.9 | 21.1.11 | 21.1.11 | | @@ -351,7 +370,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-51385](https://nvd.nist.gov/vuln/detail/CVE-2023-51385) | openssh | 6.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.15 | 1.0.15 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275720), [PR](https://github.com/NixOS/nixpkgs/pull/276798), [PR](https://github.com/NixOS/nixpkgs/pull/276799)]* | | [CVE-2023-46361](https://nvd.nist.gov/vuln/detail/CVE-2023-46361) | jbig2dec | 6.5 | 0.20 | 0.20 | 0.20 | | -| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2023-46218](https://nvd.nist.gov/vuln/detail/CVE-2023-46218) | curl | 6.5 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.11.5 | 2.12.5 | 2.12.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/283888), [PR](https://github.com/NixOS/nixpkgs/pull/286300), [PR](https://github.com/NixOS/nixpkgs/pull/296300)]* | | [CVE-2023-45231](https://nvd.nist.gov/vuln/detail/CVE-2023-45231) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | | [CVE-2023-45229](https://nvd.nist.gov/vuln/detail/CVE-2023-45229) | edk2 | 6.5 | 202311 | 202402 | 202402 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291000), [PR](https://github.com/NixOS/nixpkgs/pull/291054)]* | @@ -419,7 +438,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | | [CVE-2024-22365](https://nvd.nist.gov/vuln/detail/CVE-2024-22365) | linux-pam | 5.5 | 1.5.2 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/282136)]* | | [CVE-2024-0727](https://nvd.nist.gov/vuln/detail/CVE-2024-0727) | openssl | 5.5 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | -| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.4 | | +| [CVE-2024-0684](https://nvd.nist.gov/vuln/detail/CVE-2024-0684) | coreutils | 5.5 | 9.3 | 9.4 | 9.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/299945)]* | | [CVE-2024-0408](https://nvd.nist.gov/vuln/detail/CVE-2024-0408) | xorg-server | 5.5 | 21.1.9 | 21.1.11 | 21.1.11 | | | [CVE-2023-51384](https://nvd.nist.gov/vuln/detail/CVE-2023-51384) | openssh | 5.5 | 9.5p1 | 9.7p1 | 9.7p1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/295129), [PR](https://github.com/NixOS/nixpkgs/pull/295133), [PR](https://github.com/NixOS/nixpkgs/pull/295184)]* | | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | @@ -427,7 +446,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-50246](https://nvd.nist.gov/vuln/detail/CVE-2023-50246) | jq | 5.5 | 1.7 | 1.7.1 | 1.7.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.1.1 | 6.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/292998)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | @@ -464,7 +483,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-29 | 7.1.1.29 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.44.0 | 2.44.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 124.0.1 | 124.0.1 | | -| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | +| [CVE-2024-28834](https://nvd.nist.gov/vuln/detail/CVE-2024-28834) | gnutls | 5.3 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.6.0 | 8.7.1_2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285295), [PR](https://github.com/NixOS/nixpkgs/pull/288071), [PR](https://github.com/NixOS/nixpkgs/pull/299580)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.22.1 | 1.22.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/169511), [PR](https://github.com/NixOS/nixpkgs/pull/228651), [PR](https://github.com/NixOS/nixpkgs/pull/293580)]* | | [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.14 | 2.15 | 2.15 | | | [CVE-2023-6918](https://nvd.nist.gov/vuln/detail/CVE-2023-6918) | libssh | 5.3 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | @@ -476,22 +496,24 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.2.0 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/285019), [PR](https://github.com/NixOS/nixpkgs/pull/285027)]* | | [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2016-7152](https://nvd.nist.gov/vuln/detail/CVE-2016-7152) | firefox | 5.3 | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-28835](https://nvd.nist.gov/vuln/detail/CVE-2024-28835) | gnutls | 5 | 3.8.2 | 3.8.3 | 3.8.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298806)]* | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.4 | 1.22.1 | 1.22.1 | | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.22.1 | 1.22.1 | | | [CVE-2023-6004](https://nvd.nist.gov/vuln/detail/CVE-2023-6004) | libssh | 4.8 | 0.10.5 | 0.10.6 | 0.10.6 | *[[PR](https://github.com/NixOS/nixpkgs/pull/275250), [PR](https://github.com/NixOS/nixpkgs/pull/275603), [PR](https://github.com/NixOS/nixpkgs/pull/275604)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 13.2.0 | 13.2.0 | | | [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 124.0.1 | 124.0.1 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2024-25629](https://nvd.nist.gov/vuln/detail/CVE-2024-25629) | c-ares | 4.4 | 1.19.1 | 1.27.0 | 1.28.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291030), [PR](https://github.com/NixOS/nixpkgs/pull/291034)]* | | [CVE-2024-0749](https://nvd.nist.gov/vuln/detail/CVE-2024-0749) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0748](https://nvd.nist.gov/vuln/detail/CVE-2024-0748) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2024-0742](https://nvd.nist.gov/vuln/detail/CVE-2024-0742) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0212 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.1.0148 | 9.1.0228 | *[[PR](https://github.com/NixOS/nixpkgs/pull/291707), [PR](https://github.com/NixOS/nixpkgs/pull/298863)]* | | [CVE-2023-6871](https://nvd.nist.gov/vuln/detail/CVE-2023-6871) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298125)]* | | [CVE-2023-6870](https://nvd.nist.gov/vuln/detail/CVE-2023-6870) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2023-6868](https://nvd.nist.gov/vuln/detail/CVE-2023-6868) | firefox | 4.3 | 120.0.1 | 124.0.1 | 124.0.1 | | @@ -502,16 +524,22 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.5 | 2.2.5 | | | [CVE-2024-29944](https://nvd.nist.gov/vuln/detail/CVE-2024-29944) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102), [PR](https://github.com/NixOS/nixpkgs/pull/298196)]* | +| [CVE-2024-29943](https://nvd.nist.gov/vuln/detail/CVE-2024-29943) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298090), [PR](https://github.com/NixOS/nixpkgs/pull/298102)]* | | [CVE-2024-26283](https://nvd.nist.gov/vuln/detail/CVE-2024-26283) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26282](https://nvd.nist.gov/vuln/detail/CVE-2024-26282) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-26281](https://nvd.nist.gov/vuln/detail/CVE-2024-26281) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-24474](https://nvd.nist.gov/vuln/detail/CVE-2024-24474) | qemu | | 8.1.3 | 8.2.2 | 8.2.2 | | +| [CVE-2024-2615](https://nvd.nist.gov/vuln/detail/CVE-2024-2615) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2614](https://nvd.nist.gov/vuln/detail/CVE-2024-2614) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2613](https://nvd.nist.gov/vuln/detail/CVE-2024-2613) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2612](https://nvd.nist.gov/vuln/detail/CVE-2024-2612) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2611](https://nvd.nist.gov/vuln/detail/CVE-2024-2611) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2610](https://nvd.nist.gov/vuln/detail/CVE-2024-2610) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2609](https://nvd.nist.gov/vuln/detail/CVE-2024-2609) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2608](https://nvd.nist.gov/vuln/detail/CVE-2024-2608) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-2607](https://nvd.nist.gov/vuln/detail/CVE-2024-2607) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2606](https://nvd.nist.gov/vuln/detail/CVE-2024-2606) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | +| [CVE-2024-2605](https://nvd.nist.gov/vuln/detail/CVE-2024-2605) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1557](https://nvd.nist.gov/vuln/detail/CVE-2024-1557) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1556](https://nvd.nist.gov/vuln/detail/CVE-2024-1556) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | | | [CVE-2024-1555](https://nvd.nist.gov/vuln/detail/CVE-2024-1555) | firefox | | 120.0.1 | 124.0.1 | 124.0.1 | |