From dd1f4d1ffdc115154a0591a9f45b041803da79b8 Mon Sep 17 00:00:00 2001 From: henrirosten Date: Sat, 5 Oct 2024 03:52:01 +0000 Subject: [PATCH] Automatic vulnerability report update --- reports/main/data.csv | 50 ++++++++++++++----- ...6_64-linux.lenovo-x1-carbon-gen11-debug.md | 39 +++++++++++---- 2 files changed, 67 insertions(+), 22 deletions(-) diff --git a/reports/main/data.csv b/reports/main/data.csv index 305e6d5..e1a23ed 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -1,4 +1,5 @@ "target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-pxg6-pf52-xh8x","https://osv.dev/GHSA-pxg6-pf52-xh8x","cookie","","0.4.6","0.5.0","0.5.0","haskell:cookie","2024A1728000000","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-45620","https://nvd.nist.gov/vuln/detail/CVE-2024-45620","opensc","3.9","0.25.1","0.25.1","0.25.1","opensc","2024A0000045620","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-45619","https://nvd.nist.gov/vuln/detail/CVE-2024-45619","opensc","4.3","0.25.1","0.25.1","0.25.1","opensc","2024A0000045619","False","","fix_not_available","" @@ -6,19 +7,19 @@ "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-45617","https://nvd.nist.gov/vuln/detail/CVE-2024-45617","opensc","3.9","0.25.1","0.25.1","0.25.1","opensc","2024A0000045617","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-45616","https://nvd.nist.gov/vuln/detail/CVE-2024-45616","opensc","3.9","0.25.1","0.25.1","0.25.1","opensc","2024A0000045616","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-45615","https://nvd.nist.gov/vuln/detail/CVE-2024-45615","opensc","3.9","0.25.1","0.25.1","0.25.1","opensc","2024A0000045615","False","","fix_not_available","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-45306","https://nvd.nist.gov/vuln/detail/CVE-2024-45306","vim","5.5","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000045306","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/338683 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-45306","https://nvd.nist.gov/vuln/detail/CVE-2024-45306","vim","5.5","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000045306","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/338683 https://github.com/NixOS/nixpkgs/pull/339041 https://github.com/NixOS/nixpkgs/pull/339177" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43802","https://nvd.nist.gov/vuln/detail/CVE-2024-43802","vim","4.5","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000043802","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/338683" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43802","https://nvd.nist.gov/vuln/detail/CVE-2024-43802","vim","4.5","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000043802","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/338683" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000041965","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000041965","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269 https://github.com/NixOS/nixpkgs/pull/338683 https://github.com/NixOS/nixpkgs/pull/339041 https://github.com/NixOS/nixpkgs/pull/339177" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000041957","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000041957","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269 https://github.com/NixOS/nixpkgs/pull/338683 https://github.com/NixOS/nixpkgs/pull/339041 @@ -266,6 +267,7 @@ https://github.com/NixOS/nixpkgs/pull/180021" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-27781","https://nvd.nist.gov/vuln/detail/CVE-2022-27781","curl","7.5","0.4.46","","","","2022A0000027781","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-27776","https://nvd.nist.gov/vuln/detail/CVE-2022-27776","curl","6.5","0.4.46","","","","2022A0000027776","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/170654 https://github.com/NixOS/nixpkgs/pull/170659" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-27470","https://nvd.nist.gov/vuln/detail/CVE-2022-27470","SDL_ttf","7.8","2.0.11","","","","2022A0000027470","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-26691","https://nvd.nist.gov/vuln/detail/CVE-2022-26691","cups","6.7","2.4.10","","","","2022A0000026691","True","Fixed in nixpkgs with PR: https://github.com/NixOS/nixpkgs/pull/174898.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-26488","https://nvd.nist.gov/vuln/detail/CVE-2022-26488","python","7.0","2.7.18.8","3.13.0rc2","3.12.7","python","2022A0000026488","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-25883","https://nvd.nist.gov/vuln/detail/CVE-2022-25883","semver","7.5","1.0.22","1.0.0","7.6.3","semver","2022A0000025883","False","","err_not_vulnerable_based_on_repology","" @@ -482,6 +484,10 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-18589","https://nvd.nist.gov/vuln/detail/CVE-2017-18589","cookie","7.5","0.4.6","0.5.0","0.5.0","haskell:cookie","2017A0000018589","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-18207","https://nvd.nist.gov/vuln/detail/CVE-2017-18207","python","6.5","2.7.18.8","3.13.0rc2","3.12.7","python","2017A0000018207","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-17522","https://nvd.nist.gov/vuln/detail/CVE-2017-17522","python","8.8","2.7.18.8","3.13.0rc2","3.12.7","python","2017A0000017522","False","","fix_update_to_version_nixpkgs","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-12652","https://nvd.nist.gov/vuln/detail/CVE-2017-12652","libpng","9.8","1.2.59","1.6.43","1.6.44","libpng","2017A0000012652","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253 +https://github.com/NixOS/nixpkgs/pull/70286 +https://github.com/NixOS/nixpkgs/pull/70423 +https://github.com/NixOS/nixpkgs/pull/70425" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.7","16.4","17.0","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.5","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.5","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -517,6 +523,7 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-4489","https://nvd.nist.gov/vuln/detail/CVE-2016-4489","libiberty","5.5","13.3.0","","","","2016A0000004489","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-4488","https://nvd.nist.gov/vuln/detail/CVE-2016-4488","libiberty","5.5","13.3.0","","","","2016A0000004488","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-4487","https://nvd.nist.gov/vuln/detail/CVE-2016-4487","libiberty","5.5","13.3.0","","","","2016A0000004487","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-3751","https://nvd.nist.gov/vuln/detail/CVE-2016-3751","libpng","7.8","1.2.59","1.6.43","1.6.44","libpng","2016A0000003751","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-2781","https://nvd.nist.gov/vuln/detail/CVE-2016-2781","coreutils","6.5","9.5","","","","2016A0000002781","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2016-2226","https://nvd.nist.gov/vuln/detail/CVE-2016-2226","libiberty","7.8","13.3.0","","","","2016A0000002226","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2015-7777","https://nvd.nist.gov/vuln/detail/CVE-2015-7777","void","","0.7.3","0.7.3","0.7.3","haskell:void","2015A0000007777","False","","err_not_vulnerable_based_on_repology","" @@ -524,6 +531,7 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2015-5652","https://nvd.nist.gov/vuln/detail/CVE-2015-5652","python","","2.7.18.8","3.13.0rc2","3.12.7","python","2015A0000005652","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2015-4156","https://nvd.nist.gov/vuln/detail/CVE-2015-4156","parallel","","3.2.2.0","3.2.2.0","3.2.2.0","haskell:parallel","2015A0000004156","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2015-4155","https://nvd.nist.gov/vuln/detail/CVE-2015-4155","parallel","","3.2.2.0","3.2.2.0","3.2.2.0","haskell:parallel","2015A0000004155","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2015-0973","https://nvd.nist.gov/vuln/detail/CVE-2015-0973","libpng","","1.2.59","1.6.43","1.6.44","libpng","2015A0000000973","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" @@ -557,17 +565,23 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-9495","https://nvd.nist.gov/vuln/detail/CVE-2014-9495","libpng","","1.2.59","1.6.43","1.6.44","libpng","2014A0000009495","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-4860","https://nvd.nist.gov/vuln/detail/CVE-2014-4860","edk2","6.8","202402","","","","2014A0000004860","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202402","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2014-2525","https://nvd.nist.gov/vuln/detail/CVE-2014-2525","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2014A0000002525","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2013-7354","https://nvd.nist.gov/vuln/detail/CVE-2013-7354","libpng","","1.2.59","1.6.43","1.6.44","libpng","2013A0000007354","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2013-7353","https://nvd.nist.gov/vuln/detail/CVE-2013-7353","libpng","","1.2.59","1.6.43","1.6.44","libpng","2013A0000007353","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2013-6954","https://nvd.nist.gov/vuln/detail/CVE-2013-6954","libpng","","1.2.59","1.6.43","1.6.44","libpng","2013A0000006954","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2013-6393","https://nvd.nist.gov/vuln/detail/CVE-2013-6393","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2013A0000006393","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2013-4392","https://nvd.nist.gov/vuln/detail/CVE-2013-4392","systemd","","256.2","256.4","256.6","systemd","2013A0000004392","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","13.3.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2011-3045","https://nvd.nist.gov/vuln/detail/CVE-2011-3045","libpng","","1.2.59","1.6.43","1.6.44","libpng","2011A0000003045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2011-2411","https://nvd.nist.gov/vuln/detail/CVE-2011-2411","samba","","4.20.1","4.20.4","4.21.0","samba","2011A0000002411","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.15","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2007-4559","https://nvd.nist.gov/vuln/detail/CVE-2007-4559","python","","2.7.18.8","3.13.0rc2","3.12.7","python","2007A0000004559","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2002-0059","https://nvd.nist.gov/vuln/detail/CVE-2002-0059","zlib","9.8","0.6.3.0","0.7.1.0","0.7.1.0","haskell:zlib","2002A0000000059","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-1999-0475","https://nvd.nist.gov/vuln/detail/CVE-1999-0475","procmail","","3.24","3.24","3.24","procmail","1999A0000000475","False","","fix_not_available","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-pxg6-pf52-xh8x","https://osv.dev/GHSA-pxg6-pf52-xh8x","cookie","","0.4.6","0.5.0","0.5.0","haskell:cookie","2024A1728000000","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-45620","https://nvd.nist.gov/vuln/detail/CVE-2024-45620","opensc","3.9","0.25.1","0.25.1","0.25.1","opensc","2024A0000045620","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-45619","https://nvd.nist.gov/vuln/detail/CVE-2024-45619","opensc","4.3","0.25.1","0.25.1","0.25.1","opensc","2024A0000045619","False","","fix_not_available","" @@ -575,19 +589,19 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-45617","https://nvd.nist.gov/vuln/detail/CVE-2024-45617","opensc","3.9","0.25.1","0.25.1","0.25.1","opensc","2024A0000045617","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-45616","https://nvd.nist.gov/vuln/detail/CVE-2024-45616","opensc","3.9","0.25.1","0.25.1","0.25.1","opensc","2024A0000045616","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-45615","https://nvd.nist.gov/vuln/detail/CVE-2024-45615","opensc","3.9","0.25.1","0.25.1","0.25.1","opensc","2024A0000045615","False","","fix_not_available","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-45306","https://nvd.nist.gov/vuln/detail/CVE-2024-45306","vim","5.5","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000045306","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/338683 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-45306","https://nvd.nist.gov/vuln/detail/CVE-2024-45306","vim","5.5","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000045306","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/338683 https://github.com/NixOS/nixpkgs/pull/339041 https://github.com/NixOS/nixpkgs/pull/339177" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43802","https://nvd.nist.gov/vuln/detail/CVE-2024-43802","vim","4.5","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000043802","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/338683" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43802","https://nvd.nist.gov/vuln/detail/CVE-2024-43802","vim","4.5","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000043802","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/338683" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000041965","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000041965","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269 https://github.com/NixOS/nixpkgs/pull/338683 https://github.com/NixOS/nixpkgs/pull/339041 https://github.com/NixOS/nixpkgs/pull/339177" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0707","9.1.0756","vim","2024A0000041957","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0707","9.1.0757","vim","2024A0000041957","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269 https://github.com/NixOS/nixpkgs/pull/338683 https://github.com/NixOS/nixpkgs/pull/339041 @@ -835,6 +849,7 @@ https://github.com/NixOS/nixpkgs/pull/180021" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-27781","https://nvd.nist.gov/vuln/detail/CVE-2022-27781","curl","7.5","0.4.46","","","","2022A0000027781","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-27776","https://nvd.nist.gov/vuln/detail/CVE-2022-27776","curl","6.5","0.4.46","","","","2022A0000027776","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/170654 https://github.com/NixOS/nixpkgs/pull/170659" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-27470","https://nvd.nist.gov/vuln/detail/CVE-2022-27470","SDL_ttf","7.8","2.0.11","","","","2022A0000027470","False","","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-26691","https://nvd.nist.gov/vuln/detail/CVE-2022-26691","cups","6.7","2.4.10","","","","2022A0000026691","True","Fixed in nixpkgs with PR: https://github.com/NixOS/nixpkgs/pull/174898.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-26488","https://nvd.nist.gov/vuln/detail/CVE-2022-26488","python","7.0","2.7.18.8","3.13.0rc2","3.12.7","python","2022A0000026488","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-25883","https://nvd.nist.gov/vuln/detail/CVE-2022-25883","semver","7.5","1.0.22","1.0.0","7.6.3","semver","2022A0000025883","False","","err_not_vulnerable_based_on_repology","" @@ -1051,6 +1066,10 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-18589","https://nvd.nist.gov/vuln/detail/CVE-2017-18589","cookie","7.5","0.4.6","0.5.0","0.5.0","haskell:cookie","2017A0000018589","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-18207","https://nvd.nist.gov/vuln/detail/CVE-2017-18207","python","6.5","2.7.18.8","3.13.0rc2","3.12.7","python","2017A0000018207","False","","fix_update_to_version_nixpkgs","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-17522","https://nvd.nist.gov/vuln/detail/CVE-2017-17522","python","8.8","2.7.18.8","3.13.0rc2","3.12.7","python","2017A0000017522","False","","fix_update_to_version_nixpkgs","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-12652","https://nvd.nist.gov/vuln/detail/CVE-2017-12652","libpng","9.8","1.2.59","1.6.43","1.6.44","libpng","2017A0000012652","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253 +https://github.com/NixOS/nixpkgs/pull/70286 +https://github.com/NixOS/nixpkgs/pull/70423 +https://github.com/NixOS/nixpkgs/pull/70425" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-8806","https://nvd.nist.gov/vuln/detail/CVE-2017-8806","postgresql","5.5","15.7","16.4","17.0","postgresql","2017A0000008806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5628","https://nvd.nist.gov/vuln/detail/CVE-2017-5628","mujs","7.8","1.3.5","","","","2017A0000005628","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2017-5627","https://nvd.nist.gov/vuln/detail/CVE-2017-5627","mujs","7.8","1.3.5","","","","2017A0000005627","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" @@ -1086,6 +1105,7 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4489","https://nvd.nist.gov/vuln/detail/CVE-2016-4489","libiberty","5.5","13.3.0","","","","2016A0000004489","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4488","https://nvd.nist.gov/vuln/detail/CVE-2016-4488","libiberty","5.5","13.3.0","","","","2016A0000004488","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-4487","https://nvd.nist.gov/vuln/detail/CVE-2016-4487","libiberty","5.5","13.3.0","","","","2016A0000004487","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-3751","https://nvd.nist.gov/vuln/detail/CVE-2016-3751","libpng","7.8","1.2.59","1.6.43","1.6.44","libpng","2016A0000003751","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-2781","https://nvd.nist.gov/vuln/detail/CVE-2016-2781","coreutils","6.5","9.5","","","","2016A0000002781","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2016-2226","https://nvd.nist.gov/vuln/detail/CVE-2016-2226","libiberty","7.8","13.3.0","","","","2016A0000002226","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-7777","https://nvd.nist.gov/vuln/detail/CVE-2015-7777","void","","0.7.3","0.7.3","0.7.3","haskell:void","2015A0000007777","False","","err_not_vulnerable_based_on_repology","" @@ -1093,6 +1113,7 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-5652","https://nvd.nist.gov/vuln/detail/CVE-2015-5652","python","","2.7.18.8","3.13.0rc2","3.12.7","python","2015A0000005652","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-4156","https://nvd.nist.gov/vuln/detail/CVE-2015-4156","parallel","","3.2.2.0","3.2.2.0","3.2.2.0","haskell:parallel","2015A0000004156","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-4155","https://nvd.nist.gov/vuln/detail/CVE-2015-4155","parallel","","3.2.2.0","3.2.2.0","3.2.2.0","haskell:parallel","2015A0000004155","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2015-0973","https://nvd.nist.gov/vuln/detail/CVE-2015-0973","libpng","","1.2.59","1.6.43","1.6.44","libpng","2015A0000000973","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9907","https://nvd.nist.gov/vuln/detail/CVE-2014-9907","imagemagick","6.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009907","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9854","https://nvd.nist.gov/vuln/detail/CVE-2014-9854","imagemagick","7.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009854","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9853","https://nvd.nist.gov/vuln/detail/CVE-2014-9853","imagemagick","5.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009853","False","","err_not_vulnerable_based_on_repology","" @@ -1126,12 +1147,17 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9806","https://nvd.nist.gov/vuln/detail/CVE-2014-9806","imagemagick","5.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009806","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9805","https://nvd.nist.gov/vuln/detail/CVE-2014-9805","imagemagick","5.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009805","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9804","https://nvd.nist.gov/vuln/detail/CVE-2014-9804","imagemagick","7.5","7.1.1-35","7.1.1-38","7.1.1.38","imagemagick","2014A0000009804","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-9495","https://nvd.nist.gov/vuln/detail/CVE-2014-9495","libpng","","1.2.59","1.6.43","1.6.44","libpng","2014A0000009495","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-4860","https://nvd.nist.gov/vuln/detail/CVE-2014-4860","edk2","6.8","202402","","","","2014A0000004860","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-4859","https://nvd.nist.gov/vuln/detail/CVE-2014-4859","edk2","6.8","202402","","","","2014A0000004859","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2014-2525","https://nvd.nist.gov/vuln/detail/CVE-2014-2525","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2014A0000002525","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2013-7354","https://nvd.nist.gov/vuln/detail/CVE-2013-7354","libpng","","1.2.59","1.6.43","1.6.44","libpng","2013A0000007354","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2013-7353","https://nvd.nist.gov/vuln/detail/CVE-2013-7353","libpng","","1.2.59","1.6.43","1.6.44","libpng","2013A0000007353","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2013-6954","https://nvd.nist.gov/vuln/detail/CVE-2013-6954","libpng","","1.2.59","1.6.43","1.6.44","libpng","2013A0000006954","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2013-6393","https://nvd.nist.gov/vuln/detail/CVE-2013-6393","libyaml","","0.1.4","0.1.4","0.1.4","haskell:libyaml","2013A0000006393","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2013-4392","https://nvd.nist.gov/vuln/detail/CVE-2013-4392","systemd","","256.2","256.4","256.6","systemd","2013A0000004392","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2012-3509","https://nvd.nist.gov/vuln/detail/CVE-2012-3509","libiberty","","13.3.0","","","","2012A0000003509","True","NVD data issue: CPE entry does not correctly state the version numbers.","err_missing_repology_version","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2011-3045","https://nvd.nist.gov/vuln/detail/CVE-2011-3045","libpng","","1.2.59","1.6.43","1.6.44","libpng","2011A0000003045","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/286253" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2011-2411","https://nvd.nist.gov/vuln/detail/CVE-2011-2411","samba","","4.20.1","4.20.4","4.21.0","samba","2011A0000002411","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.15","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2007-4559","https://nvd.nist.gov/vuln/detail/CVE-2007-4559","python","","2.7.18.8","3.13.0rc2","3.12.7","python","2007A0000004559","False","","fix_update_to_version_nixpkgs","" diff --git a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md index c018a7f..7e5773c 100644 --- a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md +++ b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md @@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0 # Vulnerability Report -This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/c818b2cb70810888545aada322dc146fd72e400a. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. +This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/e037186f5cd932e3e2ac0579fcac2829aa534399. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target. This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file. @@ -48,9 +48,18 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|------------------------------------------------|---------------|------------|-----------------|----------------|------------|-----------| -| [OSV-2023-1170](https://osv.dev/OSV-2023-1170) | vulkan-loader | | 1.3.283.0 | 1.3.290.0 | 1.3.296 | | +| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | +|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| [CVE-2017-12652](https://nvd.nist.gov/vuln/detail/CVE-2017-12652) | libpng | 9.8 | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253), [PR](https://github.com/NixOS/nixpkgs/pull/70286), [PR](https://github.com/NixOS/nixpkgs/pull/70423), [PR](https://github.com/NixOS/nixpkgs/pull/70425)]* | +| [CVE-2022-27470](https://nvd.nist.gov/vuln/detail/CVE-2022-27470) | SDL_ttf | 7.8 | 2.0.11 | | | | +| [CVE-2016-3751](https://nvd.nist.gov/vuln/detail/CVE-2016-3751) | libpng | 7.8 | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [GHSA-pxg6-pf52-xh8x](https://osv.dev/GHSA-pxg6-pf52-xh8x) | cookie | | 0.4.6 | 0.5.0 | 0.5.0 | | +| [CVE-2015-0973](https://nvd.nist.gov/vuln/detail/CVE-2015-0973) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [CVE-2014-9495](https://nvd.nist.gov/vuln/detail/CVE-2014-9495) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [CVE-2013-7354](https://nvd.nist.gov/vuln/detail/CVE-2013-7354) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [CVE-2013-7353](https://nvd.nist.gov/vuln/detail/CVE-2013-7353) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [CVE-2013-6954](https://nvd.nist.gov/vuln/detail/CVE-2013-6954) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [CVE-2011-3045](https://nvd.nist.gov/vuln/detail/CVE-2011-3045) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | @@ -80,6 +89,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-28794](https://nvd.nist.gov/vuln/detail/CVE-2021-28794) | ShellCheck | 9.8 | 0.10.0 | 0.10.0 | 0.10.0 | | | [CVE-2021-3177](https://nvd.nist.gov/vuln/detail/CVE-2021-3177) | python | 9.8 | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/201859)]* | | [CVE-2020-11105](https://nvd.nist.gov/vuln/detail/CVE-2020-11105) | cereal | 9.8 | 0.5.8.3 | 0.5.8.3 | 0.5.8.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/121574), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | +| [CVE-2017-12652](https://nvd.nist.gov/vuln/detail/CVE-2017-12652) | libpng | 9.8 | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253), [PR](https://github.com/NixOS/nixpkgs/pull/70286), [PR](https://github.com/NixOS/nixpkgs/pull/70423), [PR](https://github.com/NixOS/nixpkgs/pull/70425)]* | | [CVE-2016-10145](https://nvd.nist.gov/vuln/detail/CVE-2016-10145) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-38 | 7.1.1.38 | | | [CVE-2016-10144](https://nvd.nist.gov/vuln/detail/CVE-2016-10144) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-38 | 7.1.1.38 | | | [CVE-2016-5118](https://nvd.nist.gov/vuln/detail/CVE-2016-5118) | imagemagick | 9.8 | 7.1.1-35 | 7.1.1-38 | 7.1.1.38 | *[[PR](https://github.com/NixOS/nixpkgs/pull/298535)]* | @@ -130,6 +140,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-1412](https://nvd.nist.gov/vuln/detail/CVE-2023-1412) | warp | 7.8 | 3.3.31 | 3.4.1 | 3.4.2 | | | [CVE-2023-0652](https://nvd.nist.gov/vuln/detail/CVE-2023-0652) | warp | 7.8 | 3.3.31 | 3.4.1 | 3.4.2 | | | [CVE-2022-45868](https://nvd.nist.gov/vuln/detail/CVE-2022-45868) | h2 | 7.8 | 0.3.26 | | | | +| [CVE-2022-27470](https://nvd.nist.gov/vuln/detail/CVE-2022-27470) | SDL_ttf | 7.8 | 2.0.11 | | | | | [CVE-2022-2225](https://nvd.nist.gov/vuln/detail/CVE-2022-2225) | warp | 7.8 | 3.3.31 | 3.4.1 | 3.4.2 | | | [CVE-2022-2145](https://nvd.nist.gov/vuln/detail/CVE-2022-2145) | warp | 7.8 | 3.3.31 | 3.4.1 | 3.4.2 | | | [CVE-2022-0997](https://nvd.nist.gov/vuln/detail/CVE-2022-0997) | network | 7.8 | 3.1.4.0-r1.cabal | 3.2.1.0 | 3.2.4.0 | | @@ -143,6 +154,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2019-11644](https://nvd.nist.gov/vuln/detail/CVE-2019-11644) | safe | 7.8 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2019-5443](https://nvd.nist.gov/vuln/detail/CVE-2019-5443) | curl | 7.8 | 0.4.46 | | | | | [CVE-2017-5506](https://nvd.nist.gov/vuln/detail/CVE-2017-5506) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-38 | 7.1.1.38 | | +| [CVE-2016-3751](https://nvd.nist.gov/vuln/detail/CVE-2016-3751) | libpng | 7.8 | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | | [CVE-2014-9825](https://nvd.nist.gov/vuln/detail/CVE-2014-9825) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-38 | 7.1.1.38 | | | [CVE-2014-9824](https://nvd.nist.gov/vuln/detail/CVE-2014-9824) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-38 | 7.1.1.38 | | | [CVE-2014-9823](https://nvd.nist.gov/vuln/detail/CVE-2014-9823) | imagemagick | 7.8 | 7.1.1-35 | 7.1.1-38 | 7.1.1.38 | | @@ -244,7 +256,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2022-40897](https://nvd.nist.gov/vuln/detail/CVE-2022-40897) | setuptools | 5.9 | 44.0.0-source | 72.1.0 | 75.1.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/331098)]* | | [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336) | python | 5.9 | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/117037), [PR](https://github.com/NixOS/nixpkgs/pull/117082), [PR](https://github.com/NixOS/nixpkgs/pull/118403)]* | | [CVE-2021-3572](https://nvd.nist.gov/vuln/detail/CVE-2021-3572) | pip | 5.7 | 20.3.4-source | 24.0 | 24.2 | | -| [CVE-2024-45306](https://nvd.nist.gov/vuln/detail/CVE-2024-45306) | vim | 5.5 | 9.1.0595 | 9.1.0707 | 9.1.0756 | *[[PR](https://github.com/NixOS/nixpkgs/pull/338683), [PR](https://github.com/NixOS/nixpkgs/pull/339041), [PR](https://github.com/NixOS/nixpkgs/pull/339177)]* | +| [CVE-2024-45306](https://nvd.nist.gov/vuln/detail/CVE-2024-45306) | vim | 5.5 | 9.1.0595 | 9.1.0707 | 9.1.0757 | *[[PR](https://github.com/NixOS/nixpkgs/pull/338683), [PR](https://github.com/NixOS/nixpkgs/pull/339041), [PR](https://github.com/NixOS/nixpkgs/pull/339177)]* | | [CVE-2024-24789](https://nvd.nist.gov/vuln/detail/CVE-2024-24789) | go | 5.5 | 1.21.0-linux-amd | 1.23.1 | 1.23.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/319485), [PR](https://github.com/NixOS/nixpkgs/pull/339878), [PR](https://github.com/NixOS/nixpkgs/pull/345737)]* | | [CVE-2024-6923](https://nvd.nist.gov/vuln/detail/CVE-2024-6923) | python | 5.5 | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335172)]* | | [CVE-2023-51258](https://nvd.nist.gov/vuln/detail/CVE-2023-51258) | yasm | 5.5 | 1.3.0 | 1.3.0 | 1.3.0 | | @@ -291,7 +303,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | | | [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.45.2 | 2.46.0 | 2.46.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2024-41957](https://nvd.nist.gov/vuln/detail/CVE-2024-41957) | vim | 5.3 | 9.1.0595 | 9.1.0707 | 9.1.0756 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269), [PR](https://github.com/NixOS/nixpkgs/pull/338683), [PR](https://github.com/NixOS/nixpkgs/pull/339041), [PR](https://github.com/NixOS/nixpkgs/pull/339177)]* | +| [CVE-2024-41957](https://nvd.nist.gov/vuln/detail/CVE-2024-41957) | vim | 5.3 | 9.1.0595 | 9.1.0707 | 9.1.0757 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269), [PR](https://github.com/NixOS/nixpkgs/pull/338683), [PR](https://github.com/NixOS/nixpkgs/pull/339041), [PR](https://github.com/NixOS/nixpkgs/pull/339177)]* | | [CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217) | python | 5.3 | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | | | [CVE-2023-38898](https://nvd.nist.gov/vuln/detail/CVE-2023-38898) | python | 5.3 | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | | | [CVE-2023-33955](https://nvd.nist.gov/vuln/detail/CVE-2023-33955) | console | 5.3 | 0.15.8 | 0.1.0-unstable-2 | | | @@ -313,9 +325,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 13.3.0 | 13.3.0 | 14.2.0 | | | [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | -| [CVE-2024-43802](https://nvd.nist.gov/vuln/detail/CVE-2024-43802) | vim | 4.5 | 9.1.0595 | 9.1.0707 | 9.1.0756 | *[[PR](https://github.com/NixOS/nixpkgs/pull/338683)]* | -| [CVE-2024-43790](https://nvd.nist.gov/vuln/detail/CVE-2024-43790) | vim | 4.5 | 9.1.0595 | 9.1.0707 | 9.1.0756 | | -| [CVE-2024-43374](https://nvd.nist.gov/vuln/detail/CVE-2024-43374) | vim | 4.5 | 9.1.0595 | 9.1.0707 | 9.1.0756 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | +| [CVE-2024-43802](https://nvd.nist.gov/vuln/detail/CVE-2024-43802) | vim | 4.5 | 9.1.0595 | 9.1.0707 | 9.1.0757 | *[[PR](https://github.com/NixOS/nixpkgs/pull/338683)]* | +| [CVE-2024-43790](https://nvd.nist.gov/vuln/detail/CVE-2024-43790) | vim | 4.5 | 9.1.0595 | 9.1.0707 | 9.1.0757 | | +| [CVE-2024-43374](https://nvd.nist.gov/vuln/detail/CVE-2024-43374) | vim | 4.5 | 9.1.0595 | 9.1.0707 | 9.1.0757 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | | [CVE-2024-8006](https://nvd.nist.gov/vuln/detail/CVE-2024-8006) | libpcap | 4.4 | 1.10.4 | 1.10.4 | 1.10.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/339181), [PR](https://github.com/NixOS/nixpkgs/pull/344303)]* | | [CVE-2023-7256](https://nvd.nist.gov/vuln/detail/CVE-2023-7256) | libpcap | 4.4 | 1.10.4 | 1.10.4 | 1.10.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/339181), [PR](https://github.com/NixOS/nixpkgs/pull/344303)]* | | [CVE-2024-45619](https://nvd.nist.gov/vuln/detail/CVE-2024-45619) | opensc | 4.3 | 0.25.1 | 0.25.1 | 0.25.1 | | @@ -332,7 +344,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-40834](https://nvd.nist.gov/vuln/detail/CVE-2021-40834) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2021-40834](https://nvd.nist.gov/vuln/detail/CVE-2021-40834) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2018-14628](https://nvd.nist.gov/vuln/detail/CVE-2018-14628) | samba | 4.3 | 4.20.1 | 4.20.4 | 4.21.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270419)]* | -| [CVE-2024-41965](https://nvd.nist.gov/vuln/detail/CVE-2024-41965) | vim | 4.2 | 9.1.0595 | 9.1.0707 | 9.1.0756 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269), [PR](https://github.com/NixOS/nixpkgs/pull/338683), [PR](https://github.com/NixOS/nixpkgs/pull/339041), [PR](https://github.com/NixOS/nixpkgs/pull/339177)]* | +| [CVE-2024-41965](https://nvd.nist.gov/vuln/detail/CVE-2024-41965) | vim | 4.2 | 9.1.0595 | 9.1.0707 | 9.1.0757 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269), [PR](https://github.com/NixOS/nixpkgs/pull/338683), [PR](https://github.com/NixOS/nixpkgs/pull/339041), [PR](https://github.com/NixOS/nixpkgs/pull/339177)]* | | [CVE-2021-33596](https://nvd.nist.gov/vuln/detail/CVE-2021-33596) | safe | 4.1 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2021-33596](https://nvd.nist.gov/vuln/detail/CVE-2021-33596) | safe | 4.1 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2024-45620](https://nvd.nist.gov/vuln/detail/CVE-2024-45620) | opensc | 3.9 | 0.25.1 | 0.25.1 | 0.25.1 | | @@ -353,6 +365,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 20.3.4-source | 24.0 | 24.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17-lore-over | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 3.3 | 3.3.17-binlore | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | +| [GHSA-pxg6-pf52-xh8x](https://osv.dev/GHSA-pxg6-pf52-xh8x) | cookie | | 0.4.6 | 0.5.0 | 0.5.0 | | | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.5 | 2.2.5 | 2.2.5 | | | [CVE-2024-8088](https://nvd.nist.gov/vuln/detail/CVE-2024-8088) | python | | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | | | [CVE-2024-5642](https://nvd.nist.gov/vuln/detail/CVE-2024-5642) | python | | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | | @@ -429,9 +442,15 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2015-5652](https://nvd.nist.gov/vuln/detail/CVE-2015-5652) | python | | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | | | [CVE-2015-4156](https://nvd.nist.gov/vuln/detail/CVE-2015-4156) | parallel | | 3.2.2.0 | 3.2.2.0 | 3.2.2.0 | | | [CVE-2015-4155](https://nvd.nist.gov/vuln/detail/CVE-2015-4155) | parallel | | 3.2.2.0 | 3.2.2.0 | 3.2.2.0 | | +| [CVE-2015-0973](https://nvd.nist.gov/vuln/detail/CVE-2015-0973) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [CVE-2014-9495](https://nvd.nist.gov/vuln/detail/CVE-2014-9495) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | | [CVE-2014-2525](https://nvd.nist.gov/vuln/detail/CVE-2014-2525) | libyaml | | 0.1.4 | 0.1.4 | 0.1.4 | | +| [CVE-2013-7354](https://nvd.nist.gov/vuln/detail/CVE-2013-7354) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [CVE-2013-7353](https://nvd.nist.gov/vuln/detail/CVE-2013-7353) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | +| [CVE-2013-6954](https://nvd.nist.gov/vuln/detail/CVE-2013-6954) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | | [CVE-2013-6393](https://nvd.nist.gov/vuln/detail/CVE-2013-6393) | libyaml | | 0.1.4 | 0.1.4 | 0.1.4 | | | [CVE-2013-4392](https://nvd.nist.gov/vuln/detail/CVE-2013-4392) | systemd | | 256.2 | 256.4 | 256.6 | | +| [CVE-2011-3045](https://nvd.nist.gov/vuln/detail/CVE-2011-3045) | libpng | | 1.2.59 | 1.6.43 | 1.6.44 | *[[PR](https://github.com/NixOS/nixpkgs/pull/286253)]* | | [CVE-2011-2411](https://nvd.nist.gov/vuln/detail/CVE-2011-2411) | samba | | 4.20.1 | 4.20.4 | 4.21.0 | | | [CVE-2007-4559](https://nvd.nist.gov/vuln/detail/CVE-2007-4559) | python | | 2.7.18.8 | 3.13.0rc2 | 3.12.7 | | | [CVE-1999-0475](https://nvd.nist.gov/vuln/detail/CVE-1999-0475) | procmail | | 3.24 | 3.24 | 3.24 | |