Automatic vulnerability report update
henrirosten authored and github-actions[bot] committed Oct 14, 2023
1 parent c7675c6 commit 77ecf49
Showing 5 changed files with 21 additions and 11 deletions.
4 changes: 4 additions & 0 deletions reports/ghaf-23.06/data.csv
@@ -10,6 +10,8 @@
https://github.com/NixOS/nixpkgs/pull/258350
https://github.com/NixOS/nixpkgs/pull/259881
https://github.com/NixOS/nixpkgs/pull/260189"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-43785","https://nvd.nist.gov/vuln/detail/CVE-2023-43785","libX11","5.5","1.8.4","1.8.6","1.8.7","libx11","2023A0000043785","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-42467","https://nvd.nist.gov/vuln/detail/CVE-2023-42467","qemu","5.5","8.0.0","8.1.1","8.1.1","qemu","2023A0000042467","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256632"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-41175","https://nvd.nist.gov/vuln/detail/CVE-2023-41175","libtiff","6.5","4.5.0","4.5.1","4.6.0","tiff","2023A0000041175","False","","fix_update_to_version_upstream",""
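Review bot: the libX11 row (CVE-2023-43785) is classified fix_update_to_version_upstream with upstream at 1.8.7 and nix_unstable at 1.8.6, yet its last field links two nixpkgs PRs (258841, 258996); it is not visible here whether those PRs bump nixpkgs to 1.8.7 or backport patches onto 1.8.6, and that decides whether the next lock update closes the finding for ghaf-23.06 (version_local 1.8.4). The quoted PR field also spans two physical lines; that is valid CSV but breaks line-oriented tooling such as grep over the report, so a single-line separator (for example `;`) between PR links would be more robust.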
@@ -347,6 +349,8 @@ https://github.com/NixOS/nixpkgs/pull/84664"
https://github.com/NixOS/nixpkgs/pull/258350
https://github.com/NixOS/nixpkgs/pull/259881
https://github.com/NixOS/nixpkgs/pull/260189"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-43785","https://nvd.nist.gov/vuln/detail/CVE-2023-43785","libX11","5.5","1.8.6","1.8.6","1.8.7","libx11","2023A0000043785","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-41175","https://nvd.nist.gov/vuln/detail/CVE-2023-41175","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000041175","False","","fix_update_to_version_upstream",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-40745","https://nvd.nist.gov/vuln/detail/CVE-2023-40745","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000040745","False","","fix_update_to_version_upstream",""
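Review bot: in the lock_updated context the libX11 row's version_local is already 1.8.6, equal to the nix_unstable column, so updating the flake lock alone does not clear CVE-2023-43785; the finding stays open until 1.8.7 (or a backport) lands in nixpkgs. The same holds for the two libtiff rows (CVE-2023-41175, CVE-2023-40745): 4.5.1 in both version_local and nix_unstable against 4.6.0 upstream, with an empty PR field, so there is no nixpkgs change to track for them yet.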
@@ -97,9 +97,9 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h
Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:


| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------|
| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.11.5 | |
| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------|
| [CVE-2023-43785](https://nvd.nist.gov/vuln/detail/CVE-2023-43785) | libX11 | 5.5 | 1.8.4 | 1.8.6 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* |



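Review bot: the libxml2 row (CVE-2023-45322, 2.10.4 local, 2.11.5 in nix_unstable and upstream) is dropped from this table and replaced by the libX11 row, but nothing in the commit message records why. The reports/main/data.csv hunk for the riscv64 target in this same commit lists CVE-2023-45322 as fix_not_available at 2.11.5, which explains the move; an automated report should carry that reason itself (a classification column in the markdown, or a changelog line) so reviewers do not have to cross-reference files to see that the entry was reclassified rather than resolved.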
@@ -171,6 +171,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
| [CVE-2023-1916](https://nvd.nist.gov/vuln/detail/CVE-2023-1916) | libtiff | 6.1 | 4.5.0 | 4.5.1 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/239595)]* |
| [CVE-2023-0330](https://nvd.nist.gov/vuln/detail/CVE-2023-0330) | qemu | 6.0 | 8.0.0 | 8.1.1 | 8.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256632)]* |
| [CVE-2023-3301](https://nvd.nist.gov/vuln/detail/CVE-2023-3301) | qemu | 5.6 | 8.0.0 | 8.1.1 | 8.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/244827), [PR](https://github.com/NixOS/nixpkgs/pull/256632)]* |
| [CVE-2023-43785](https://nvd.nist.gov/vuln/detail/CVE-2023-43785) | libX11 | 5.5 | 1.8.4 | 1.8.6 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* |
| [CVE-2023-42467](https://nvd.nist.gov/vuln/detail/CVE-2023-42467) | qemu | 5.5 | 8.0.0 | 8.1.1 | 8.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256632)]* |
| [CVE-2023-40360](https://nvd.nist.gov/vuln/detail/CVE-2023-40360) | qemu | 5.5 | 8.0.0 | 8.1.1 | 8.1.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/251154), [PR](https://github.com/NixOS/nixpkgs/pull/256632)]* |
| [CVE-2023-39742](https://nvd.nist.gov/vuln/detail/CVE-2023-39742) | giflib | 5.5 | 5.2.1 | 5.2.1 | 5.2.1 | |
8 changes: 8 additions & 0 deletions reports/main/data.csv
@@ -8,6 +8,8 @@
https://github.com/NixOS/nixpkgs/pull/258350
https://github.com/NixOS/nixpkgs/pull/259881
https://github.com/NixOS/nixpkgs/pull/260189"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-43785","https://nvd.nist.gov/vuln/detail/CVE-2023-43785","libX11","5.5","1.8.6","1.8.6","1.8.7","libx11","2023A0000043785","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-41175","https://nvd.nist.gov/vuln/detail/CVE-2023-41175","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000041175","False","","fix_update_to_version_upstream",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-40745","https://nvd.nist.gov/vuln/detail/CVE-2023-40745","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000040745","False","","fix_update_to_version_upstream",""
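Review bot: on main the current version_local for libX11 is 1.8.6 (ghaf-23.06 reports 1.8.4), so main is already at the nix_unstable version and this finding only moves once nixpkgs carries 1.8.7. The two libtiff rows classified fix_update_to_version_upstream have an empty PR field, unlike libX11, which makes "fix available upstream" hard to act on from the report alone; consider having the generator emit at least the upstream release reference (here 4.6.0) when no nixpkgs PR is linked.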
@@ -389,6 +391,8 @@ https://github.com/NixOS/nixpkgs/pull/84664"
https://github.com/NixOS/nixpkgs/pull/258350
https://github.com/NixOS/nixpkgs/pull/259881
https://github.com/NixOS/nixpkgs/pull/260189"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-43785","https://nvd.nist.gov/vuln/detail/CVE-2023-43785","libX11","5.5","1.8.6","1.8.6","1.8.7","libx11","2023A0000043785","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-41175","https://nvd.nist.gov/vuln/detail/CVE-2023-41175","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000041175","False","","fix_update_to_version_upstream",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-40745","https://nvd.nist.gov/vuln/detail/CVE-2023-40745","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000040745","False","","fix_update_to_version_upstream",""
@@ -766,6 +770,8 @@ https://github.com/NixOS/nixpkgs/pull/84664"
https://github.com/NixOS/nixpkgs/pull/258350
https://github.com/NixOS/nixpkgs/pull/259881
https://github.com/NixOS/nixpkgs/pull/260189"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-43785","https://nvd.nist.gov/vuln/detail/CVE-2023-43785","libX11","5.5","1.8.6","1.8.6","1.8.7","libx11","2023A0000043785","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41175","https://nvd.nist.gov/vuln/detail/CVE-2023-41175","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000041175","False","","fix_update_to_version_upstream",""
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-40745","https://nvd.nist.gov/vuln/detail/CVE-2023-40745","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000040745","False","","fix_update_to_version_upstream",""
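Review bot: the snappy row (CVE-2023-41330, whitelist flag True) repeats its full free-text justification, including the vulnix source permalink, verbatim in every context (current, lock_updated, nix_unstable) and every target; since the markdown report already points readers to manual_analysis.csv for whitelisting, storing the reason there once and keeping only a short key in data.csv would shrink these diffs and stop the justification drifting between copies.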
@@ -1291,6 +1297,8 @@ https://github.com/NixOS/nixpkgs/pull/84664"
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2010-4226","https://nvd.nist.gov/vuln/detail/CVE-2010-4226","cpio","","2.14","","","","2010A0000004226","True","NVD data issue: concerns OpenSuSE, not cpio.","err_missing_repology_version",""
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-w596-4wvx-j9j6","https://osv.dev/GHSA-w596-4wvx-j9j6","py","","1.11.0","1.11.0","1.11.0","python:py","2023A1691452800","False","","err_not_vulnerable_based_on_repology",""
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-45322","https://nvd.nist.gov/vuln/detail/CVE-2023-45322","libxml2","6.5","2.11.5","2.11.5","2.11.5","libxml2","2023A0000045322","False","","fix_not_available",""
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-43785","https://nvd.nist.gov/vuln/detail/CVE-2023-43785","libX11","5.5","1.8.6","1.8.6","1.8.7","libx11","2023A0000043785","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/258841
https://github.com/NixOS/nixpkgs/pull/258996"
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41330","https://nvd.nist.gov/vuln/detail/CVE-2023-41330","snappy","9.8","1.1.10","","","","2023A0000041330","True","Incorrect package: Issue concerns snappy php library: https://github.com/KnpLabs/snappy, whereas, nixpkgs ""snappy"" refers snappy compression library: https://google.github.io/snappy/. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version",""
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-41175","https://nvd.nist.gov/vuln/detail/CVE-2023-41175","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000041175","False","","fix_update_to_version_upstream",""
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-40745","https://nvd.nist.gov/vuln/detail/CVE-2023-40745","libtiff","6.5","4.5.1","4.5.1","4.6.0","tiff","2023A0000040745","False","","fix_update_to_version_upstream",""
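Review bot: the libxml2 row directly above the insertion (CVE-2023-45322, 2.11.5 in version_local, nix_unstable and upstream, classified fix_not_available) is the data that justifies removing libxml2 from the "fix available" tables elsewhere in this commit; worth confirming that the generator re-evaluates fix_not_available on each run, since a row in that state carries no PR link or target version to watch and can otherwise stick indefinitely. The added libX11 row for the riscv64 target carries the same 1.8.6/1.8.6/1.8.7 values as the x86_64 rows, as expected when both targets build from the same nixpkgs pin.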
@@ -63,11 +63,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h

Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:


| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
|-------------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|-----------|
| [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.11.5 | |

```No vulnerabilities```


## All Vulnerabilities Impacting Ghaf
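Review bot: the replacement for the libxml2 table is ```No vulnerabilities``` on a single line; triple backticks opened and closed on the same line render as inline code, not a fenced block, so the marker comes out as a small monospace fragment between two empty paragraphs. A plain sentence ("No vulnerabilities.") or a fence with the opening and closing backticks on their own lines would render predictably; if the generator emits this marker from a template, fix it there so every report section gets the same treatment.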