Automatic vulnerability report update
henrirosten committed Nov 8, 2023
1 parent 772d97b commit 73d1492
Showing 5 changed files with 285 additions and 351 deletions.
4 changes: 4 additions & 0 deletions reports/ghaf-23.09/data.csv
Expand Up @@ -77,6 +77,8 @@ https://github.com/NixOS/nixpkgs/pull/265047"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31972","https://nvd.nist.gov/vuln/detail/CVE-2023-31972","yasm","5.5","1.3.0","","","","2023A0000031972","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31794","https://nvd.nist.gov/vuln/detail/CVE-2023-31794","mupdf","5.5","1.21.1","1.23.0","1.23.5","mupdf","2023A0000031794","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/250130
https://github.com/NixOS/nixpkgs/pull/261113"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0-env","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","current","CVE-2023-31484","https://nvd.nist.gov/vuln/detail/CVE-2023-31484","perl","8.1","5.36.0-env","5.38.0","5.38.0","perl","2023A0000031484","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/241848
Expand Down Expand Up @@ -387,6 +389,8 @@ https://github.com/NixOS/nixpkgs/pull/265047"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31974","https://nvd.nist.gov/vuln/detail/CVE-2023-31974","yasm","5.5","1.3.0","","","","2023A0000031974","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31973","https://nvd.nist.gov/vuln/detail/CVE-2023-31973","yasm","5.5","1.3.0","","","","2023A0000031973","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31972","https://nvd.nist.gov/vuln/detail/CVE-2023-31972","yasm","5.5","1.3.0","","","","2023A0000031972","True","Crash in CLI tool, no security impact.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31794","https://nvd.nist.gov/vuln/detail/CVE-2023-31794","mupdf","5.5","1.21.1","1.23.0","1.23.5","mupdf","2023A0000031794","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/250130
https://github.com/NixOS/nixpkgs/pull/261113"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0-env","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31486","https://nvd.nist.gov/vuln/detail/CVE-2023-31486","perl","8.1","5.36.0","","","","2023A0000031486","True","Fixed upstream with https://github.com/chansen/p5-http-tiny/pull/153 and nixpkgs patched the issue already in 08/2022 with https://github.com/NixOS/nixpkgs/pull/187480.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.09","lock_updated","CVE-2023-31484","https://nvd.nist.gov/vuln/detail/CVE-2023-31484","perl","8.1","5.36.0-env","5.38.0","5.38.0","perl","2023A0000031484","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/241848
Expand Up @@ -70,7 +70,11 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h

Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:

```No vulnerabilities```

| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------|
| [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.0 | 1.23.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/250130), [PR](https://github.com/NixOS/nixpkgs/pull/261113)]* |



## All Vulnerabilities Impacting Ghaf
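Review bot: in the mupdf row of the table in this hunk, both links in the comment cell render with the identical label `PR`, so a reader cannot tell pull/250130 from pull/261113 without following them. Suggest having the generator label each link with its number, for example `[#250130]` and `[#261113]`. Also confirm that the `No vulnerabilities` placeholder is dropped whenever the table has rows; the hunk header counts (7 lines before, 11 after) are consistent with that, but the two should never appear together in the generated report.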
Expand Down Expand Up @@ -143,6 +147,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-40360](https://nvd.nist.gov/vuln/detail/CVE-2023-40360) | qemu | 5.5 | 8.0.4 | 8.1.2 | 8.1.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/251154), [PR](https://github.com/NixOS/nixpkgs/pull/261753)]* |
| [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.1 | 5.2.1 | |
| [CVE-2023-38857](https://nvd.nist.gov/vuln/detail/CVE-2023-38857) | faad2 | 5.5 | 2.10.1 | 2.10.1 | 2.11.0 | |
| [CVE-2023-31794](https://nvd.nist.gov/vuln/detail/CVE-2023-31794) | mupdf | 5.5 | 1.21.1 | 1.23.0 | 1.23.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/250130), [PR](https://github.com/NixOS/nixpkgs/pull/261113)]* |
| [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | |
| [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | |
| [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | |
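Review bot: the mupdf row placed here between CVE-2023-38857 and CVE-2023-25588 repeats the row from the table earlier in this file, and neither copy says which mupdf release first contains the fix. The version columns alone do not answer that: the giflib row just above lists 5.2.1 in all three columns and is still reported. Suggest putting the first fixed version in the comment cell (or a dedicated column) so a reader can tell whether moving to the nix_unstable version 1.23.0 is sufficient or the upstream 1.23.5 is required.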