diff --git a/reports/ghaf-23.06/data.csv b/reports/ghaf-23.06/data.csv
index 2aa1a26..d072176 100644
--- a/reports/ghaf-23.06/data.csv
+++ b/reports/ghaf-23.06/data.csv
@@ -8,20 +8,20 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.4","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","5.1.3","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905" 
@@ -33,8 +33,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46316","https://nvd.nist.gov/vuln/detail/CVE-2023-46316","traceroute","5.5","2.1.2","","","","2023A0000046316","False","","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -197,13 +198,13 @@ https://github.com/NixOS/nixpkgs/pull/261791" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.0","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.9","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.9","3.1.4","3.2.0","openssl","2023A0000005363","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-8","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7.0","8.0.0","8.1.3","8.1.3","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" 
@@ -217,28 +218,28 @@ https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127 https://github.com/NixOS/nixpkgs/pull/263150" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" 
@@ -251,7 +252,7 @@ https://github.com/NixOS/nixpkgs/pull/268185" https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","5.5","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","3.3","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150 https://github.com/NixOS/nixpkgs/pull/264266" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-3817","https://nvd.nist.gov/vuln/detail/CVE-2023-3817","openssl","5.3","3.0.9","3.1.4","3.2.0","openssl","2023A0000003817","False","openssl LTS release 3.0.10 fixes the issue, nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/246579.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/247537 
@@ -302,11 +303,11 @@ https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2828","https://nvd.nist.gov/vuln/detail/CVE-2023-2828","bind","7.5","9.18.14","9.18.20","9.18.20","bind","2023A0000002828","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/239161 https://github.com/NixOS/nixpkgs/pull/268185" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.0","8.1.3","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-1999","https://nvd.nist.gov/vuln/detail/CVE-2023-1999","libwebp","7.5","1.3.0","1.3.2","1.3.2","libwebp","2023A0000001999","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/255102 https://github.com/NixOS/nixpkgs/pull/255169" 
@@ -323,7 +324,7 @@ https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2023-137","https://osv.dev/OSV-2023-137","harfbuzz","","7.2.0","","","","2023A0000000137","True","Based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2, the issue is fixed in range https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc all of which have been merged in 7.1.0.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","OSV-2023-101","https://osv.dev/OSV-2023-101","qemu","","8.0.0","8.1.3","8.1.3","qemu","2023A0000000101","False","Fixed in qemu 8.0.4: https://github.com/NixOS/nixpkgs/pull/248659.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-48434","https://nvd.nist.gov/vuln/detail/CVE-2022-48434","ffmpeg","8.1","4.4.4","","","","2022A0000048434","True","Scanners get confused by LTS release versions (non-linear version numbers). 
Upstream fix patch for 4.4.x is merged in 4.4.3 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/264177" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-42969","https://nvd.nist.gov/vuln/detail/CVE-2022-42969","py","7.5","1.11.0","","","","2022A0000042969","True","Disputed upstream: https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2022-41725","https://nvd.nist.gov/vuln/detail/CVE-2022-41725","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000041725","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" 
@@ -472,20 +473,20 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.8","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.14","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268884 
@@ -501,8 +502,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46316","https://nvd.nist.gov/vuln/detail/CVE-2023-46316","traceroute","5.5","2.1.2","","","","2023A0000046316","False","","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -613,11 +615,11 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 
@@ -626,28 +628,28 @@ https://github.com/NixOS/nixpkgs/pull/262808 https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7","8.0.5","8.1.3","8.1.3","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" 
@@ -670,11 +672,11 @@ https://github.com/NixOS/nixpkgs/pull/267666 https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.3","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.3","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.0","1.2.2","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" 
@@ -686,7 +688,7 @@ https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.44","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 https://github.com/NixOS/nixpkgs/pull/207165" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/264177" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-42969","https://nvd.nist.gov/vuln/detail/CVE-2022-42969","py","7.5","1.11.0","","","","2022A0000042969","True","Disputed upstream: https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2022-41725","https://nvd.nist.gov/vuln/detail/CVE-2022-41725","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000041725","True","See the discussion in: 
https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" diff --git a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md index 811dd90..995d111 100644 --- a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md 
@@ -75,7 +75,6 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-26965](https://nvd.nist.gov/vuln/detail/CVE-2023-26965) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-25435](https://nvd.nist.gov/vuln/detail/CVE-2023-25435) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-25433](https://nvd.nist.gov/vuln/detail/CVE-2023-25433) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | | [CVE-2023-3576](https://nvd.nist.gov/vuln/detail/CVE-2023-3576) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-2908](https://nvd.nist.gov/vuln/detail/CVE-2023-2908) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2021-3933](https://nvd.nist.gov/vuln/detail/CVE-2021-3933) | openexr | 5.5 | 2.5.8 | 3.2.1 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/234754), [PR](https://github.com/NixOS/nixpkgs/pull/236043), [PR](https://github.com/NixOS/nixpkgs/pull/238270), [PR](https://github.com/NixOS/nixpkgs/pull/258729)]* | 
@@ -83,6 +82,7 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.5 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | | [CVE-2023-3817](https://nvd.nist.gov/vuln/detail/CVE-2023-3817) | openssl | 5.3 | 3.0.9 | 3.1.4 | 3.2.0 | openssl LTS release 3.0.10 fixes the issue, nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/246579). *[[PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | | [CVE-2023-2975](https://nvd.nist.gov/vuln/detail/CVE-2023-2975) | openssl | 5.3 | 3.0.9 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/243625), [PR](https://github.com/NixOS/nixpkgs/pull/243938), [PR](https://github.com/NixOS/nixpkgs/pull/247537), [PR](https://github.com/NixOS/nixpkgs/pull/248715), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | +| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | | [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.1.1 | 28.0.0 | 28.0.0 | | | [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.1.1 | 28.0.0 | 28.0.0 | | | [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.1.1 | 28.0.0 | 28.0.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | @@ -110,9 +110,9 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.0 | 1.2.2 | 1.3.0 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|--------------------------------------------------------| +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | 
@@ -141,17 +141,17 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.0 | 8.1.3 | 8.1.3 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | | [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.20.4 | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | 
@@ -167,7 +167,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-35790](https://nvd.nist.gov/vuln/detail/CVE-2023-35790) | libjxl | 7.5 | 0.8.1 | 0.8.2 | 0.8.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/237913), [PR](https://github.com/NixOS/nixpkgs/pull/238274)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.9 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.14 | 9.18.20 | 9.18.20 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/268185)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.0 | 8.1.3 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/267666), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | @@ -177,7 +177,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-2829](https://nvd.nist.gov/vuln/detail/CVE-2023-2829) | bind | 7.5 | 9.18.14 | 9.18.20 | 9.18.20 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268185)]* | | [CVE-2023-2828](https://nvd.nist.gov/vuln/detail/CVE-2023-2828) | bind | 7.5 | 9.18.14 | 9.18.20 | 9.18.20 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239161), [PR](https://github.com/NixOS/nixpkgs/pull/268185)]* | | [CVE-2023-1999](https://nvd.nist.gov/vuln/detail/CVE-2023-1999) | libwebp | 7.5 | 1.3.0 | 1.3.2 | 1.3.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/255102), [PR](https://github.com/NixOS/nixpkgs/pull/255169)]* | -| [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/264177)]* | +| [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/274726)]* | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.1 | 5.2.1 | | | [CVE-2023-34241](https://nvd.nist.gov/vuln/detail/CVE-2023-34241) | cups | 7.1 | 2.4.2 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/240840), [PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | 
@@ -210,7 +210,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 5.1.3 | 6.0 | 6.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.0 | 6.1 | | | [CVE-2023-46316](https://nvd.nist.gov/vuln/detail/CVE-2023-46316) | traceroute | 5.5 | 2.1.2 | | | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | 
@@ -236,15 +236,15 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25435](https://nvd.nist.gov/vuln/detail/CVE-2023-25435) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-25433](https://nvd.nist.gov/vuln/detail/CVE-2023-25433) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-3576](https://nvd.nist.gov/vuln/detail/CVE-2023-3576) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-2908](https://nvd.nist.gov/vuln/detail/CVE-2023-2908) | libtiff | 5.5 | 4.5.0 | 4.6.0 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2021-3933](https://nvd.nist.gov/vuln/detail/CVE-2021-3933) | openexr | 5.5 | 2.5.8 | 3.2.1 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/234754), [PR](https://github.com/NixOS/nixpkgs/pull/236043), [PR](https://github.com/NixOS/nixpkgs/pull/238270), [PR](https://github.com/NixOS/nixpkgs/pull/258729)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.4 | 1.21.5 | 1.21.5 | | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.5 | | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.4 | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | 
@@ -258,16 +258,17 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.20.4 | 1.21.5 | 1.21.5 | | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.17.13-linux-am | 1.21.5 | 1.21.5 | | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 12.3.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2116 | 9.0.2167 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 
9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2116 | 9.0.2172 | | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.2 | 4.14.2 | Pending merge for nixpkgs master PR: 
[link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/264349)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.2.1 | 23.3.1 | | +| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | | [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.1.1 | 28.0.0 | 28.0.0 | | | [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.1.1 | 28.0.0 | 28.0.0 | | | [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.1.1 | 28.0.0 | 28.0.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | diff --git a/reports/ghaf-23.09/data.csv b/reports/ghaf-23.09/data.csv index 7849d1f..72f2f61 100644 --- a/reports/ghaf-23.09/data.csv +++ b/reports/ghaf-23.09/data.csv 
@@ -7,20 +7,20 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.7","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.14","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268884 
@@ -35,8 +35,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -175,13 +176,13 @@ https://github.com/NixOS/nixpkgs/pull/272411" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.10","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5363","https://nvd.nist.gov/vuln/detail/CVE-2023-5363","openssl","7.5","3.0.10","3.1.4","3.2.0","openssl","2023A0000005363","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/263150 https://github.com/NixOS/nixpkgs/pull/265619" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-8","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7.0","8.0.4","8.1.3","8.1.3","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" 
@@ -195,28 +196,28 @@ https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127 https://github.com/NixOS/nixpkgs/pull/263150" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" 
@@ -229,7 +230,7 @@ https://github.com/NixOS/nixpkgs/pull/268185" https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","5.5","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","3.3","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150 https://github.com/NixOS/nixpkgs/pull/264266" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-3603","https://nvd.nist.gov/vuln/detail/CVE-2023-3603","libssh","6.5","0.10.5","","","","2023A0000003603","True","Based on https://security-tracker.debian.org/tracker/CVE-2023-3603 and https://bugzilla.redhat.com/show_bug.cgi?id=2221791, vulnerable code is not present in 0.10.5 or any currently released version.","err_missing_repology_version","" 
@@ -250,11 +251,11 @@ https://github.com/NixOS/nixpkgs/pull/267666 https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.4","8.1.3","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.4","8.1.3","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.0","1.2.2","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" 
@@ -263,7 +264,7 @@ https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2023-390","https://osv.dev/OSV-2023-390","qemu","","8.0.4","8.1.3","8.1.3","qemu","2023A0000000390","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","OSV-2023-137","https://osv.dev/OSV-2023-137","harfbuzz","","7.2.0","","","","2023A0000000137","True","Based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=56510#c2, the issue is fixed in range https://github.com/harfbuzz/harfbuzz/compare/67e01c1292821e7b6fc2ab13acddb84ab41b2187...60841e26187576bff477c1a09ee2ffe544844abc all of which have been merged in 7.1.0.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2022-48434","https://nvd.nist.gov/vuln/detail/CVE-2022-48434","ffmpeg","8.1","4.4.4","","","","2022A0000048434","True","Scanners get confused by LTS release versions (non-linear version numbers). 
Upstream fix patch for 4.4.x is merged in 4.4.3 https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d4b7b3c03ee2baf0166ce49dff17ec9beff684db.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/264177" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2022-42969","https://nvd.nist.gov/vuln/detail/CVE-2022-42969","py","7.5","1.11.0","","","","2022A0000042969","True","Disputed upstream: https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2022-41725","https://nvd.nist.gov/vuln/detail/CVE-2022-41725","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000041725","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" 
@@ -430,20 +431,20 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.20.8","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.17.13-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.14","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268884 
@@ -458,8 +459,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","5.1.3","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.1.1","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.1.1","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.2.13","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -572,11 +574,11 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-6277","https://nvd.nist.gov/vuln/detail/CVE-2023-6277","libtiff","6.5","4.5.1","4.6.0","4.6.0","tiff","2023A0000006277","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5752","https://nvd.nist.gov/vuln/detail/CVE-2023-5752","pip","3.3","23.0.1-source","23.2.1","23.3.1","pip","2023A0000005752","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5678","https://nvd.nist.gov/vuln/detail/CVE-2023-5678","openssl","5.3","3.0.12","3.1.4","3.2.0","openssl","2023A0000005678","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/269450" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005535","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005441","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000005344","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 
@@ -585,28 +587,28 @@ https://github.com/NixOS/nixpkgs/pull/262808 https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-5088","https://nvd.nist.gov/vuln/detail/CVE-2023-5088","qemu","7","8.0.5","8.1.3","8.1.3","qemu","2023A0000005088","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" 
@@ -629,11 +631,11 @@ https://github.com/NixOS/nixpkgs/pull/267666 https://github.com/NixOS/nixpkgs/pull/269013 https://github.com/NixOS/nixpkgs/pull/270931" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.3","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.0.2167","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.2116","9.0.2172","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.3","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.0","1.2.2","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" 
@@ -645,7 +647,7 @@ https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.44","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 https://github.com/NixOS/nixpkgs/pull/207165" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/264177" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2022-42969","https://nvd.nist.gov/vuln/detail/CVE-2022-42969","py","7.5","1.11.0","","","","2022A0000042969","True","Disputed upstream: https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2022-41725","https://nvd.nist.gov/vuln/detail/CVE-2022-41725","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2022A0000041725","True","See the discussion in: 
https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" diff --git a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md index 863656f..07bd93e 100644 --- a/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.09/packages.x86_64-linux.generic-x86_64-release.md 
@@ -52,7 +52,7 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43785](https://nvd.nist.gov/vuln/detail/CVE-2023-43785) | libX11 | 5.5 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-40360](https://nvd.nist.gov/vuln/detail/CVE-2023-40360) | qemu | 5.5 | 8.0.4 | 8.1.3 | 8.1.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/251154), [PR](https://github.com/NixOS/nixpkgs/pull/267666), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | -| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | +| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | | [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.7.0 | 28.0.0 | 28.0.0 | | | [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.7.0 | 28.0.0 | 28.0.0 | | | [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.7.0 | 28.0.0 | 28.0.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | @@ -77,9 +77,9 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.0 | 1.2.2 | 1.3.0 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|--------------------------------------------------------| +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | 
@@ -106,17 +106,17 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 5.1.3 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-47470](https://nvd.nist.gov/vuln/detail/CVE-2023-47470) | ffmpeg | 7.8 | 4.4.4 | 6.0 | 6.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/271905)]* | | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.4 | 8.1.3 | 8.1.3 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | go | 7.5 | 1.17.13-linux-am | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | | [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.20.7 | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | 
@@ -131,12 +131,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378), [PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) | openssl | 7.5 | 3.0.10 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263150), [PR](https://github.com/NixOS/nixpkgs/pull/265619)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.16 | 9.18.20 | 9.18.20 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/268185)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.4 | 8.1.3 | 8.1.3 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). 
Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/267666), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | | [CVE-2023-3341](https://nvd.nist.gov/vuln/detail/CVE-2023-3341) | bind | 7.5 | 9.18.16 | 9.18.20 | 9.18.20 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469), [PR](https://github.com/NixOS/nixpkgs/pull/268185)]* | -| [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/264177)]* | +| [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/274726)]* | | [CVE-2023-48161](https://nvd.nist.gov/vuln/detail/CVE-2023-48161) | giflib | 7.1 | 5.2.1 | 5.2.1 | 5.2.1 | | | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-2861](https://nvd.nist.gov/vuln/detail/CVE-2023-2861) | qemu | 7.1 | 8.0.4 | 8.1.3 | 8.1.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/244827), [PR](https://github.com/NixOS/nixpkgs/pull/267666), [PR](https://github.com/NixOS/nixpkgs/pull/269013), [PR](https://github.com/NixOS/nixpkgs/pull/270931)]* | 
@@ -163,7 +163,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-39318](https://nvd.nist.gov/vuln/detail/CVE-2023-39318) | go | 6.1 | 1.17.13-linux-am | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 5.1.3 | 6.0 | 6.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.0 | 6.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | | | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | 
@@ -184,12 +184,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2167 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.2116 | 9.0.2172 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.1.1 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.20.7 | 1.21.5 | 1.21.5 | | | [CVE-2023-45284](https://nvd.nist.gov/vuln/detail/CVE-2023-45284) | go | 5.3 | 1.17.13-linux-am | 1.21.5 | 1.21.5 | | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.20.7 | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | 
@@ -200,16 +200,17 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.20.7 | 1.21.5 | 1.21.5 | | | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.17.13-linux-am | 1.21.5 | 1.21.5 | | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 12.3.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2116 | 9.0.2167 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 
9.0.1441 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.1441 | 9.0.2116 | 9.0.2172 | | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.1441 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.2 | 4.14.2 | Pending merge for nixpkgs master PR: 
[link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/264349)]* | | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 23.0.1-source | 23.2.1 | 23.3.1 | | +| [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | | [GHSA-7m48-wc93-9g85](https://osv.dev/GHSA-7m48-wc93-9g85) | electron | | 25.7.0 | 28.0.0 | 28.0.0 | | | [GHSA-j7hp-h8jx-5ppr](https://osv.dev/GHSA-j7hp-h8jx-5ppr) | electron | | 25.7.0 | 28.0.0 | 28.0.0 | | | [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 25.7.0 | 28.0.0 | 28.0.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268612)]* | diff --git a/reports/main/data.csv b/reports/main/data.csv index bf403b3..87f6e25 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv 
@@ -5,20 +5,20 @@ "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.4","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.4","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.14","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268884 
@@ -34,8 +34,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -111,6 +112,7 @@ https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.1.3","8.1.3","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.1.3","8.1.3","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.2","1.2.2","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-1295","https://osv.dev/OSV-2023-1295","libraw","","0.21.1","0.21.1","0.21.1","libraw","2023A0000001295","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.2","1.2.2","1.3.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.45","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
@@ -124,7 +126,7 @@ https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.44","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 https://github.com/NixOS/nixpkgs/pull/207165" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/264177" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-42969","https://nvd.nist.gov/vuln/detail/CVE-2022-42969","py","7.5","1.11.0","","","","2022A0000042969","True","Disputed upstream: https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.42.0","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" 
@@ -388,20 +390,20 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.4","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.4","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
https://github.com/NixOS/nixpkgs/pull/271373" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-47471","https://nvd.nist.gov/vuln/detail/CVE-2023-47471","libde265","6.5","1.0.12","1.0.14","1.0.14","libde265","2023A0000047471","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268884 
@@ -417,8 +419,9 @@ https://github.com/NixOS/nixpkgs/pull/271223" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -494,6 +497,7 @@ https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.1.3","8.1.3","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.1.3","8.1.3","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.2","1.2.2","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-1295","https://osv.dev/OSV-2023-1295","libraw","","0.21.1","0.21.1","0.21.1","libraw","2023A0000001295","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.2","1.2.2","1.3.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.45","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
@@ -507,7 +511,7 @@ https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.44","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 https://github.com/NixOS/nixpkgs/pull/207165" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/264177" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-42969","https://nvd.nist.gov/vuln/detail/CVE-2022-42969","py","7.5","1.11.0","","","","2022A0000042969","True","Disputed upstream: https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.42.0","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" 
@@ -774,13 +778,14 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49465","https://nvd.nist.gov/vuln/detail/CVE-2023-49465","libde265","8.8","1.0.14","1.0.14","1.0.14","libde265","2023A0000049465","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.5","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-49292","https://nvd.nist.gov/vuln/detail/CVE-2023-49292","go","4.8","1.21.0-linux-amd64-bootstrap","1.21.5","1.21.5","go","2023A0000049292","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","6.0","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-47470","https://nvd.nist.gov/vuln/detail/CVE-2023-47470","ffmpeg","7.8","4.4.4","6.0","6.1","ffmpeg","2023A0000047470","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/271905" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","6.0","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46407","https://nvd.nist.gov/vuln/detail/CVE-2023-46407","ffmpeg","5.5","4.4.4","6.0","6.1","ffmpeg","2023A0000046407","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46361","https://nvd.nist.gov/vuln/detail/CVE-2023-46361","jbig2dec","6.5","0.20","0.20","0.20","jbig2dec","2023A0000046361","False","","fix_not_available","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -841,6 +846,7 @@ https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.1.3","8.1.3","8.1.3","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.1.3","8.1.3","8.1.3","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-1307","https://osv.dev/OSV-2023-1307","libbpf","","1.2.2","1.2.2","1.3.0","libbpf","2023A0000001307","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-1295","https://osv.dev/OSV-2023-1295","libraw","","0.21.1","0.21.1","0.21.1","libraw","2023A0000001295","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.2","1.2.2","1.3.0","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-675","https://osv.dev/OSV-2023-675","flac","","1.4.3","1.4.3","1.4.3","flac","2023A0000000675","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.45","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
@@ -854,7 +860,7 @@ https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-43552","https://nvd.nist.gov/vuln/detail/CVE-2022-43552","curl","5.9","0.4.44","","","","2022A0000043552","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/207158 https://github.com/NixOS/nixpkgs/pull/207162 https://github.com/NixOS/nixpkgs/pull/207165" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/264177" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-43357","https://nvd.nist.gov/vuln/detail/CVE-2022-43357","sassc","7.5","3.6.2","3.6.2","3.6.2","sassc","2022A0000043357","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/274726" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","PYSEC-2022-42969","https://osv.dev/PYSEC-2022-42969","py","","1.11.0","","","","2022A0000042969","True","Same as CVE-2022-42969.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-42969","https://nvd.nist.gov/vuln/detail/CVE-2022-42969","py","7.5","1.11.0","","","","2022A0000042969","True","Disputed upstream: https://github.com/pytest-dev/py/issues/287#issuecomment-1283567565.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.42.0","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" 
@@ -1115,26 +1121,27 @@ https://github.com/NixOS/nixpkgs/pull/82958" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.4","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-47100","https://nvd.nist.gov/vuln/detail/CVE-2023-47100","perl","9.8","5.38.0","5.38.2","5.38.2","perl","2023A0000047100","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269996 https://github.com/NixOS/nixpkgs/pull/271223" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -1260,26 +1267,27 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.4","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48237","https://nvd.nist.gov/vuln/detail/CVE-2023-48237","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048237","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48236","https://nvd.nist.gov/vuln/detail/CVE-2023-48236","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048236","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48235","https://nvd.nist.gov/vuln/detail/CVE-2023-48235","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048235","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48234","https://nvd.nist.gov/vuln/detail/CVE-2023-48234","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048234","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48233","https://nvd.nist.gov/vuln/detail/CVE-2023-48233","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048233","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48232","https://nvd.nist.gov/vuln/detail/CVE-2023-48232","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048232","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48231","https://nvd.nist.gov/vuln/detail/CVE-2023-48231","vim","4.3","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000048231","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-47100","https://nvd.nist.gov/vuln/detail/CVE-2023-47100","perl","9.8","5.38.0","5.38.2","5.38.2","perl","2023A0000047100","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/269996 https://github.com/NixOS/nixpkgs/pull/271223" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.0.2167","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46246","https://nvd.nist.gov/vuln/detail/CVE-2023-46246","vim","5.5","9.0.2048","9.0.2116","9.0.2172","vim","2023A0000046246","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/268532 https://github.com/NixOS/nixpkgs/pull/271373" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" 
@@ -1405,8 +1413,9 @@ https://github.com/NixOS/nixpkgs/pull/84664" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-gmwp-3pwc-3j3g","https://osv.dev/GHSA-gmwp-3pwc-3j3g","mockery","","0.3.5","0.3.5","0.3.5","haskell:mockery","2023A1690502400","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.4","2.2.4","2.2.5","haskell:async","2023A1674432000","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.0.2116","9.0.2167","vim","2023A0000048706","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48706","https://nvd.nist.gov/vuln/detail/CVE-2023-48706","vim","4.7","9.0.2116","9.0.2116","9.0.2172","vim","2023A0000048706","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-48161","https://nvd.nist.gov/vuln/detail/CVE-2023-48161","giflib","7.1","5.2.1","5.2.1","5.2.1","giflib","2023A0000048161","False","","fix_not_available","" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46219","https://nvd.nist.gov/vuln/detail/CVE-2023-46219","curl","5.3","8.4.0","8.4.0","8.5.0","curl","2023A0000046219","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-46218","https://nvd.nist.gov/vuln/detail/CVE-2023-46218","curl","6.5","8.4.0","8.4.0","8.5.0","curl","2023A0000046218","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/272886" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45853","https://nvd.nist.gov/vuln/detail/CVE-2023-45853","zlib","9.8","1.3","1.3","1.3","zlib","2023A0000045853","False","","fix_not_available","https://github.com/NixOS/nixpkgs/pull/262722 https://github.com/NixOS/nixpkgs/pull/263083" diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index bb20967..dacf466 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md +++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md 
@@ -41,14 +41,14 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | vuln_id | package | severity | version_local | nix_unstable | upstream | comment | |-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| | [CVE-2023-47100](https://nvd.nist.gov/vuln/detail/CVE-2023-47100) | perl | 9.8 | 5.38.0 | 5.38.2 | 5.38.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269996), [PR](https://github.com/NixOS/nixpkgs/pull/271223)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), 
[PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | 
*[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | @@ -59,9 +59,9 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.2 | 1.2.2 | 1.3.0 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|--------------------------------------------------------| +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | 
@@ -93,7 +93,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-6277](https://nvd.nist.gov/vuln/detail/CVE-2023-6277) | libtiff | 6.5 | 4.6.0 | 4.6.0 | 4.6.0 | | | [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.38-27 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | | [CVE-2023-3019](https://nvd.nist.gov/vuln/detail/CVE-2023-3019) | qemu | 6.5 | 8.1.3 | 8.1.3 | 8.1.3 | Revisit when fixed upstream: [link](https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html). | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | 
@@ -103,16 +103,17 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.42.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 12.3.0 | 13.2.0 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.0.2116 | 9.0.2167 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| 
[CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.0.2116 | 9.0.2172 | | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 
9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [GHSA-w596-4wvx-j9j6](https://osv.dev/GHSA-w596-4wvx-j9j6) | py | | 1.11.0 | 1.11.0 | 1.11.0 | | | [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.4 | 2.2.5 | | diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index 1ff73dd..7569951 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md 
@@ -46,7 +46,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) | go | 7.5 | 1.21.4 | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | | [CVE-2023-47471](https://nvd.nist.gov/vuln/detail/CVE-2023-47471) | libde265 | 6.5 | 1.0.12 | 1.0.14 | 1.0.14 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268884), [PR](https://github.com/NixOS/nixpkgs/pull/269131), [PR](https://github.com/NixOS/nixpkgs/pull/271642), [PR](https://github.com/NixOS/nixpkgs/pull/271643)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.11.1 | 2.11.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/267515)]* | | [CVE-2023-38473](https://nvd.nist.gov/vuln/detail/CVE-2023-38473) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-38472](https://nvd.nist.gov/vuln/detail/CVE-2023-38472) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | 
@@ -54,13 +54,13 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38470](https://nvd.nist.gov/vuln/detail/CVE-2023-38470) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-38469](https://nvd.nist.gov/vuln/detail/CVE-2023-38469) | avahi | 5.5 | 0.8 | 0.8 | 0.8 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269599)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| 
[CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | 
@@ -71,9 +71,10 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------| -| [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.2 | 1.2.2 | 1.3.0 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|--------------------------------------------------------| +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | +| [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.1 | 0.21.1 | | 
@@ -134,7 +135,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-27-source-u | | | | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.38-27 | | | | -| [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/264177)]* | +| [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/274726)]* | | [CVE-2022-27782](https://nvd.nist.gov/vuln/detail/CVE-2022-27782) | curl | 7.5 | 0.4.44 | | | | | [CVE-2022-27781](https://nvd.nist.gov/vuln/detail/CVE-2022-27781) | curl | 7.5 | 0.4.44 | | | | | [CVE-2018-13162](https://nvd.nist.gov/vuln/detail/CVE-2018-13162) | alex | 7.5 | 3.3.0.0 | 3.3.0.0 | 3.4.0.1 | | 
@@ -198,7 +199,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 6.0 | 6.0 | 6.1 | | | [CVE-2023-46407](https://nvd.nist.gov/vuln/detail/CVE-2023-46407) | ffmpeg | 5.5 | 4.4.4 | 6.0 | 6.1 | | -| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-46246](https://nvd.nist.gov/vuln/detail/CVE-2023-46246) | vim | 5.5 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-42366](https://nvd.nist.gov/vuln/detail/CVE-2023-42366) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42365](https://nvd.nist.gov/vuln/detail/CVE-2023-42365) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | | [CVE-2023-42364](https://nvd.nist.gov/vuln/detail/CVE-2023-42364) | busybox | 5.5 | 1.36.1 | 1.36.1 | 1.36.1 | | 
@@ -233,6 +234,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2014-9805](https://nvd.nist.gov/vuln/detail/CVE-2014-9805) | imagemagick | 5.5 | 7.1.1-21 | 7.1.1-21 | 7.1.1.23 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.42.0 | 2.42.0 | 2.43.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2018-8024](https://nvd.nist.gov/vuln/detail/CVE-2018-8024) | firefox | 5.4 | 120.0.1 | 120.0.1 | 120.0.1 | | +| [CVE-2023-46219](https://nvd.nist.gov/vuln/detail/CVE-2023-46219) | curl | 5.3 | 8.4.0 | 8.4.0 | 8.5.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272886)]* | | [CVE-2023-39326](https://nvd.nist.gov/vuln/detail/CVE-2023-39326) | go | 5.3 | 1.21.4 | 1.21.5 | 1.21.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/272362), [PR](https://github.com/NixOS/nixpkgs/pull/272411)]* | | [CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) | openssl | 5.3 | 3.0.12 | 3.1.4 | 3.2.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/269450)]* | | [CVE-2016-7153](https://nvd.nist.gov/vuln/detail/CVE-2016-7153) | firefox | 5.3 | 120.0.1 | 120.0.1 | 120.0.1 | | 
@@ -241,14 +243,14 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-49292](https://nvd.nist.gov/vuln/detail/CVE-2023-49292) | go | 4.8 | 1.21.0-linux-amd | 1.21.5 | 1.21.5 | | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.3.0 | 12.3.0 | 13.2.0 | | | [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 120.0.1 | 120.0.1 | 120.0.1 | | -| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.0.2116 | 9.0.2167 | | -| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | -| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 
| 9.0.2048 | 9.0.2116 | 9.0.2167 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48706](https://nvd.nist.gov/vuln/detail/CVE-2023-48706) | vim | 4.7 | 9.0.2048 | 9.0.2116 | 9.0.2172 | | +| [CVE-2023-48237](https://nvd.nist.gov/vuln/detail/CVE-2023-48237) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48236](https://nvd.nist.gov/vuln/detail/CVE-2023-48236) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48235](https://nvd.nist.gov/vuln/detail/CVE-2023-48235) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48234](https://nvd.nist.gov/vuln/detail/CVE-2023-48234) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48233](https://nvd.nist.gov/vuln/detail/CVE-2023-48233) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48232](https://nvd.nist.gov/vuln/detail/CVE-2023-48232) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | +| [CVE-2023-48231](https://nvd.nist.gov/vuln/detail/CVE-2023-48231) | vim | 4.3 | 9.0.2048 | 9.0.2116 | 9.0.2172 | *[[PR](https://github.com/NixOS/nixpkgs/pull/268532), [PR](https://github.com/NixOS/nixpkgs/pull/271373)]* | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), 
[PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | | [CVE-2020-8284](https://nvd.nist.gov/vuln/detail/CVE-2020-8284) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/106452)]* | @@ -256,6 +258,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [GHSA-gmwp-3pwc-3j3g](https://osv.dev/GHSA-gmwp-3pwc-3j3g) | mockery | | 0.3.5 | 0.3.5 | 0.3.5 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.4 | 2.2.4 | 2.2.5 | | | [OSV-2023-1307](https://osv.dev/OSV-2023-1307) | libbpf | | 1.2.2 | 1.2.2 | 1.3.0 | | +| [OSV-2023-1295](https://osv.dev/OSV-2023-1295) | libraw | | 0.21.1 | 0.21.1 | 0.21.1 | | | [OSV-2023-877](https://osv.dev/OSV-2023-877) | libbpf | | 1.2.2 | 1.2.2 | 1.3.0 | | | [OSV-2023-675](https://osv.dev/OSV-2023-675) | flac | | 1.4.3 | 1.4.3 | 1.4.3 | | | [OSV-2023-505](https://osv.dev/OSV-2023-505) | file | | 5.45 | 5.45 | 5.45 | Unclear if this is still valid. |