From 932e773c768f79819dea084d8a717a9e7231b273 Mon Sep 17 00:00:00 2001
From: henrirosten
Date: Sat, 4 Nov 2023 03:37:54 +0000
Subject: [PATCH] Automatic vulnerability report update
---
reports/ghaf-23.06/data.csv | 56 +++----
...ges.x86_64-linux.generic-x86_64-release.md | 34 ++--
reports/main/data.csv | 151 ++++++++++--------
...cv64-linux.microchip-icicle-kit-release.md | 54 +++----
...ges.x86_64-linux.generic-x86_64-release.md | 84 +++++-----
5 files changed, 196 insertions(+), 183 deletions(-)
diff --git a/reports/ghaf-23.06/data.csv b/reports/ghaf-23.06/data.csv
index ac1ce1a..7df5167 100644
--- a/reports/ghaf-23.06/data.csv
+++ b/reports/ghaf-23.06/data.csv
@@ -135,9 +135,9 @@ https://github.com/NixOS/nixpkgs/pull/261791" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-24536","https://nvd.nist.gov/vuln/detail/CVE-2023-24536","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000024536","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-24534","https://nvd.nist.gov/vuln/detail/CVE-2023-24534","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000024534","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-24532","https://nvd.nist.gov/vuln/detail/CVE-2023-24532","go","5.3","1.17.13-linux-amd64-bootstrap","","","","2023A0000024532","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005535","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005441","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005344","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005535","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005441","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005344","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-8","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4863","https://nvd.nist.gov/vuln/detail/CVE-2023-4863","libwebp","8.8","1.3.0","1.3.2","1.3.2","libwebp","2023A0000004863","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/255339 https://github.com/NixOS/nixpkgs/pull/255786 
@@ -149,21 +149,21 @@ https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127 https://github.com/NixOS/nixpkgs/pull/263150" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.8","2.4.2","2.4.7","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256378 
@@ -222,11 +222,11 @@ https://github.com/NixOS/nixpkgs/pull/256469" https://github.com/NixOS/nixpkgs/pull/256396 https://github.com/NixOS/nixpkgs/pull/256469" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.0","8.1.2","8.1.2","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","current","CVE-2023-1999","https://nvd.nist.gov/vuln/detail/CVE-2023-1999","libwebp","7.5","1.3.0","1.3.2","1.3.2","libwebp","2023A0000001999","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/255102 https://github.com/NixOS/nixpkgs/pull/255169" 
@@ -472,30 +472,30 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-24536","https://nvd.nist.gov/vuln/detail/CVE-2023-24536","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000024536","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-24534","https://nvd.nist.gov/vuln/detail/CVE-2023-24534","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000024534","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-24532","https://nvd.nist.gov/vuln/detail/CVE-2023-24532","go","5.3","1.17.13-linux-amd64-bootstrap","","","","2023A0000024532","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005535","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005441","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005344","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005535","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005441","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005344","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 https://github.com/NixOS/nixpkgs/pull/261404 https://github.com/NixOS/nixpkgs/pull/262808 https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_not_available","" 
@@ -509,11 +509,11 @@ https://github.com/NixOS/nixpkgs/pull/261753" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-3180","https://nvd.nist.gov/vuln/detail/CVE-2023-3180","qemu","6.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000003180","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.2","8.1.2","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.2","8.1.2","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=ghaf-23.06","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" diff --git a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md index f43a32e..ec410b5 100644 --- a/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/ghaf-23.06/packages.x86_64-linux.generic-x86_64-release.md @@ -103,11 +103,7 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs: - -| vuln_id | package | severity | version_local | nix_unstable | upstream | comment | -|-------------------------------------------------------------------|------------|------------|-----------------|----------------|------------|-----------| -| [CVE-2023-46316](https://nvd.nist.gov/vuln/detail/CVE-2023-46316) | traceroute | 9.8 | 2.1.2 | | | | - +```No vulnerabilities``` ## All Vulnerabilities Impacting Ghaf 
@@ -132,18 +128,18 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.4 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.9 | 3.0.11 | 3.1.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.8 | 2.4.2 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.0 | 8.1.2 | 8.1.2 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.13.1 | 1.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/258350), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | 
@@ -153,7 +149,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.4.0.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-35790](https://nvd.nist.gov/vuln/detail/CVE-2023-35790) | libjxl | 7.5 | 0.8.1 | 0.8.2 | 0.8.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/237913), [PR](https://github.com/NixOS/nixpkgs/pull/238274)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-4236](https://nvd.nist.gov/vuln/detail/CVE-2023-4236) | bind | 7.5 | 9.18.14 | 9.18.19 | 9.18.19 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256396), [PR](https://github.com/NixOS/nixpkgs/pull/256469)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.0 | 8.1.2 | 8.1.2 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753)]* | 
@@ -202,12 +198,12 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25435](https://nvd.nist.gov/vuln/detail/CVE-2023-25435) | libtiff | 5.5 | 4.5.0 | 4.5.1 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/239595), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-25433](https://nvd.nist.gov/vuln/detail/CVE-2023-25433) | libtiff | 5.5 | 4.5.0 | 4.5.1 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/239595), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | | [CVE-2023-3576](https://nvd.nist.gov/vuln/detail/CVE-2023-3576) | libtiff | 5.5 | 4.5.0 | 4.5.1 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/239595), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | | [CVE-2023-2908](https://nvd.nist.gov/vuln/detail/CVE-2023-2908) | libtiff | 5.5 | 4.5.0 | 4.5.1 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/239544), [PR](https://github.com/NixOS/nixpkgs/pull/239595), [PR](https://github.com/NixOS/nixpkgs/pull/261791)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2021-3933](https://nvd.nist.gov/vuln/detail/CVE-2021-3933) | openexr | 5.5 | 2.5.8 | 3.2.0 | 3.2.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/234754), [PR](https://github.com/NixOS/nixpkgs/pull/236043), [PR](https://github.com/NixOS/nixpkgs/pull/238270), [PR](https://github.com/NixOS/nixpkgs/pull/254764), [PR](https://github.com/NixOS/nixpkgs/pull/258729)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.42.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | diff --git a/reports/main/data.csv b/reports/main/data.csv index dad92ee..96d627f 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv 
@@ -108,15 +108,23 @@ https://github.com/NixOS/nixpkgs/pull/263003" https://github.com/NixOS/nixpkgs/pull/263003" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5729","https://nvd.nist.gov/vuln/detail/CVE-2023-5729","firefox","4.3","118.0","119.0","119.0","firefox","2023A0000005729","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262964 https://github.com/NixOS/nixpkgs/pull/263003" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5728","https://nvd.nist.gov/vuln/detail/CVE-2023-5728","firefox","7.5","118.0","119.0","119.0","firefox","2023A0000005728","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262964 +https://github.com/NixOS/nixpkgs/pull/263003" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5727","https://nvd.nist.gov/vuln/detail/CVE-2023-5727","firefox","6.5","118.0","119.0","119.0","firefox","2023A0000005727","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5726","https://nvd.nist.gov/vuln/detail/CVE-2023-5726","firefox","4.3","118.0","119.0","119.0","firefox","2023A0000005726","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5725","https://nvd.nist.gov/vuln/detail/CVE-2023-5725","firefox","4.3","118.0","119.0","119.0","firefox","2023A0000005725","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262964 +https://github.com/NixOS/nixpkgs/pull/263003" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5724","https://nvd.nist.gov/vuln/detail/CVE-2023-5724","firefox","7.5","118.0","119.0","119.0","firefox","2023A0000005724","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262964 +https://github.com/NixOS/nixpkgs/pull/263003" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5723","https://nvd.nist.gov/vuln/detail/CVE-2023-5723","firefox","5.3","118.0","119.0","119.0","firefox","2023A0000005723","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262964 https://github.com/NixOS/nixpkgs/pull/263003" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5722","https://nvd.nist.gov/vuln/detail/CVE-2023-5722","firefox","5.3","118.0","119.0","119.0","firefox","2023A0000005722","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262964 https://github.com/NixOS/nixpkgs/pull/263003" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5721","https://nvd.nist.gov/vuln/detail/CVE-2023-5721","firefox","4.3","118.0","119.0","119.0","firefox","2023A0000005721","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/262964 https://github.com/NixOS/nixpkgs/pull/263003" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005535","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005441","False","","fix_update_to_version_upstream","" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005344","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005535","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005441","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005344","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","firefox","8.8","118.0","119.0","119.0","firefox","2023A0000005217","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 https://github.com/NixOS/nixpkgs/pull/261404 
@@ -128,21 +136,21 @@ https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127 https://github.com/NixOS/nixpkgs/pull/263150" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
-"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4504","https://nvd.nist.gov/vuln/detail/CVE-2023-4504","cups","7.8","2.4.6","2.4.7","2.4.7","cups","2023A0000004504","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/256378 
@@ -154,17 +162,18 @@ https://github.com/NixOS/nixpkgs/pull/256150 https://github.com/NixOS/nixpkgs/pull/264266" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3603","https://nvd.nist.gov/vuln/detail/CVE-2023-3603","libssh","6.5","0.10.5","","","","2023A0000003603","True","Based on https://security-tracker.debian.org/tracker/CVE-2023-3603 and https://bugzilla.redhat.com/show_bug.cgi?id=2221791, vulnerable code is not present in 0.10.5 or any currently released version.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3428","https://nvd.nist.gov/vuln/detail/CVE-2023-3428","imagemagick","5.5","7.1.1-18","7.1.1-21","7.1.1.21","imagemagick","2023A0000003428","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/263198 -https://github.com/NixOS/nixpkgs/pull/263344" +https://github.com/NixOS/nixpkgs/pull/263344 +https://github.com/NixOS/nixpkgs/pull/265201" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3354","https://nvd.nist.gov/vuln/detail/CVE-2023-3354","qemu","7.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000003354","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/248659 https://github.com/NixOS/nixpkgs/pull/261753" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3180","https://nvd.nist.gov/vuln/detail/CVE-2023-3180","qemu","6.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000003180","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f. 
Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.2","8.1.2","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.2","8.1.2","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" 
@@ -273,7 +282,7 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.8","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-820","https://osv.dev/OSV-2021-820","qemu","","8.0.5","","","","2021A0000000820","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-777","https://osv.dev/OSV-2021-777","libxml2","","2.10.4","","","","2021A0000000777","True","Fixed by https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325, which went to 2.9.13. 
Therefore, this issue is fixed in 2.10.4.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-594","https://osv.dev/OSV-2021-594","libheif","","1.15.2","1.15.2","1.17.1","libheif","2021A0000000594","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-594","https://osv.dev/OSV-2021-594","libheif","","1.15.2","1.15.2","1.17.3","libheif","2021A0000000594","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.5","3.6.5","3.6.5","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","GHSA-f698-m2v9-5fh3","https://osv.dev/GHSA-f698-m2v9-5fh3","opencv","","4.7.0","","","","2020A1598832000","True","Incorrect package: issue refers node-opencv https://www.npmjs.com/package/opencv, whereas nixpkgs refers https://github.com/opencv/opencv.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-35669","https://nvd.nist.gov/vuln/detail/CVE-2020-35669","http","6.1","0.2.9","0.3-0","0.4","lua:http","2020A0000035669","False","","err_not_vulnerable_based_on_repology","" 
@@ -283,7 +292,7 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.29","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.20","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-8284","https://nvd.nist.gov/vuln/detail/CVE-2020-8284","curl","3.7","0.4.44","","","","2020A0000008284","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/106452" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.15.2","1.15.2","1.17.1","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.15.2","1.15.2","1.17.3","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.40.1","2.42.0","2.42.1","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","current","OSV-2020-1610","https://osv.dev/OSV-2020-1610","openexr","","2.5.8","3.2.0","3.2.1","openexr","2020A0000001610","False","","err_not_vulnerable_based_on_repology","" 
@@ -528,30 +537,30 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-24536","https://nvd.nist.gov/vuln/detail/CVE-2023-24536","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000024536","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-24534","https://nvd.nist.gov/vuln/detail/CVE-2023-24534","go","7.5","1.17.13-linux-amd64-bootstrap","","","","2023A0000024534","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-24532","https://nvd.nist.gov/vuln/detail/CVE-2023-24532","go","5.3","1.17.13-linux-amd64-bootstrap","","","","2023A0000024532","True","See the discussion in: https://github.com/NixOS/nixpkgs/pull/241776.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005535","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005441","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005344","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005535","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005441","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005344","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 https://github.com/NixOS/nixpkgs/pull/261404 https://github.com/NixOS/nixpkgs/pull/262808 https://github.com/NixOS/nixpkgs/pull/262812" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_not_available","" 
@@ -565,11 +574,11 @@ https://github.com/NixOS/nixpkgs/pull/261753" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-3180","https://nvd.nist.gov/vuln/detail/CVE-2023-3180","qemu","6.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000003180","False","Fixed in 8.0.4: https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f. Nixpkgs PR: https://github.com/NixOS/nixpkgs/pull/251036.","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/248659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-3019","https://nvd.nist.gov/vuln/detail/CVE-2023-3019","qemu","6.5","8.0.5","8.1.2","8.1.2","qemu","2023A0000003019","False","Revisit when fixed upstream: https://lists.nongnu.org/archive/html/qemu-devel/2023-05/msg08310.html.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2680","https://nvd.nist.gov/vuln/detail/CVE-2023-2680","qemu","8.2","8.0.5","8.1.2","8.1.2","qemu","2023A0000002680","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-1386","https://nvd.nist.gov/vuln/detail/CVE-2023-1386","qemu","7.8","8.0.5","8.1.2","8.1.2","qemu","2023A0000001386","False","Revisit when fixed upstream: https://github.com/v9fs/linux/issues/29.","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" 
@@ -678,7 +687,7 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2021-3598","https://nvd.nist.gov/vuln/detail/CVE-2021-3598","openexr","5.5","2.5.8","","","","2021A0000003598","True","False positive to the NVD data issue. Fixed in openexr 2.5.8. Upstream fix PR https://github.com/AcademySoftwareFoundation/openexr/pull/1040 which went to 2.5.7.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-820","https://osv.dev/OSV-2021-820","qemu","","8.0.5","","","","2021A0000000820","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=34831#c2.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-777","https://osv.dev/OSV-2021-777","libxml2","","2.10.4","","","","2021A0000000777","True","Fixed by https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325, which went to 2.9.13. 
Therefore, this issue is fixed in 2.10.4.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-594","https://osv.dev/OSV-2021-594","libheif","","1.15.2","1.15.2","1.17.1","libheif","2021A0000000594","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-594","https://osv.dev/OSV-2021-594","libheif","","1.15.2","1.15.2","1.17.3","libheif","2021A0000000594","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.5","3.6.5","3.6.5","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-f698-m2v9-5fh3","https://osv.dev/GHSA-f698-m2v9-5fh3","opencv","","4.7.0","","","","2020A1598832000","True","Incorrect package: issue refers node-opencv https://www.npmjs.com/package/opencv, whereas nixpkgs refers https://github.com/opencv/opencv.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-35669","https://nvd.nist.gov/vuln/detail/CVE-2020-35669","http","6.1","0.2.9","0.3-0","0.4","lua:http","2020A0000035669","False","","err_not_vulnerable_based_on_repology","" 
@@ -688,7 +697,7 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.33","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.20","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-8284","https://nvd.nist.gov/vuln/detail/CVE-2020-8284","curl","3.7","0.4.44","","","","2020A0000008284","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/106452" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.15.2","1.15.2","1.17.1","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.15.2","1.15.2","1.17.3","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.40.1","2.42.0","2.42.1","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 https://github.com/NixOS/nixpkgs/pull/84664" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2020-1610","https://osv.dev/OSV-2020-1610","openexr","","2.5.8","3.2.0","3.2.1","openexr","2020A0000001610","False","","err_not_vulnerable_based_on_repology","" 
@@ -893,9 +902,9 @@ https://github.com/NixOS/nixpkgs/pull/232535" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-25586","https://nvd.nist.gov/vuln/detail/CVE-2023-25586","binutils","5.5","2.40","2.40","2.41","binutils","2023A0000025586","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-25585","https://nvd.nist.gov/vuln/detail/CVE-2023-25585","binutils","5.5","2.40","2.40","2.41","binutils","2023A0000025585","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-25584","https://nvd.nist.gov/vuln/detail/CVE-2023-25584","binutils","7.1","2.40","2.40","2.41","binutils","2023A0000025584","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1897","9.0.1897","9.0.2081","vim","2023A0000005535","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1897","9.0.1897","9.0.2081","vim","2023A0000005441","False","","fix_update_to_version_upstream","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1897","9.0.1897","9.0.2081","vim","2023A0000005344","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1897","9.0.1897","9.0.2087","vim","2023A0000005535","False","","fix_update_to_version_upstream","" 
+"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1897","9.0.1897","9.0.2087","vim","2023A0000005441","False","","fix_update_to_version_upstream","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1897","9.0.1897","9.0.2087","vim","2023A0000005344","False","","fix_update_to_version_upstream","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5217","https://nvd.nist.gov/vuln/detail/CVE-2023-5217","libvpx","8.8","1.13.1","1.13.1","1.13.1","libvpx","2023A0000005217","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/259881 https://github.com/NixOS/nixpkgs/pull/260189 https://github.com/NixOS/nixpkgs/pull/261404 
@@ -976,8 +985,8 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2022-183","https://osv.dev/OSV-2022-183","binutils","","2.40","","","","2022A0000000183","True","Fixed based on https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=44864#c2.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-46312","https://nvd.nist.gov/vuln/detail/CVE-2021-46312","djvulibre","6.5","3.5.28","3.5.28","3.5.28","djvulibre","2021A0000046312","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-46310","https://nvd.nist.gov/vuln/detail/CVE-2021-46310","djvulibre","6.5","3.5.28","3.5.28","3.5.28","djvulibre","2021A0000046310","False","","fix_not_available","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-39205","https://nvd.nist.gov/vuln/detail/CVE-2021-39205","jitsi-meet","6.1","1.0.7322","","","","2021A0000039205","True","Does not impact the version in nixpkgs as mentioned in https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845.","err_missing_repology_version","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-33506","https://nvd.nist.gov/vuln/detail/CVE-2021-33506","jitsi-meet","7.5","1.0.7322","","","","2021A0000033506","True","Fixed in nixpkgs as mentioned in https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-39205","https://nvd.nist.gov/vuln/detail/CVE-2021-39205","jitsi-meet","6.1","1.0.7531","","","","2021A0000039205","True","Does not impact the version in nixpkgs as mentioned in 
https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845.","err_missing_repology_version","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-33506","https://nvd.nist.gov/vuln/detail/CVE-2021-33506","jitsi-meet","7.5","1.0.7531","","","","2021A0000033506","True","Fixed in nixpkgs as mentioned in https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-33468","https://nvd.nist.gov/vuln/detail/CVE-2021-33468","yasm","5.5","1.3.0","","","","2021A0000033468","True","Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-33467","https://nvd.nist.gov/vuln/detail/CVE-2021-33467","yasm","5.5","1.3.0","","","","2021A0000033467","True","Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2021-33466","https://nvd.nist.gov/vuln/detail/CVE-2021-33466","yasm","5.5","1.3.0","","","","2021A0000033466","True","Issue is not fixed upstream. Other distributions have triaged the issue as minor or 'no security impact'.","err_missing_repology_version","" 
@@ -1014,7 +1023,7 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-787","https://osv.dev/OSV-2021-787","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000000787","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-777","https://osv.dev/OSV-2021-777","libxml2","","2.11.5","","","","2021A0000000777","True","Fixed by https://gitlab.gnome.org/GNOME/libxml2/-/commit/8f5ccada05ddd4a1ff8e399ad39fc7cd4bd33325, which went to 2.9.13. Therefore, this issue is fixed in 2.10.4.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-765","https://osv.dev/OSV-2021-765","espeak-ng","","1.51.1","1.51.1","1.51.1","espeak-ng","2021A0000000765","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-594","https://osv.dev/OSV-2021-594","libheif","","1.15.2","1.15.2","1.17.1","libheif","2021A0000000594","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-594","https://osv.dev/OSV-2021-594","libheif","","1.15.2","1.15.2","1.17.3","libheif","2021A0000000594","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2021-508","https://osv.dev/OSV-2021-508","libsass","","3.6.5","3.6.5","3.6.5","libsass","2021A0000000508","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-35669","https://nvd.nist.gov/vuln/detail/CVE-2020-35669","http","6.1","0.2.9","0.3-0","0.4","lua:http","2020A0000035669","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-24490","https://nvd.nist.gov/vuln/detail/CVE-2020-24490","bluez","6.5","5.66","","","","2020A0000024490","True","Fixed in linux kernel (5.8) with: https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=a2ec905d1e160a33b2e210e45ad30445ef26ce0e.","err_missing_repology_version","" 
@@ -1022,7 +1031,7 @@ https://github.com/NixOS/nixpkgs/pull/170659" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-18781","https://nvd.nist.gov/vuln/detail/CVE-2020-18781","audiofile","5.5","0.3.6","0.3.6","0.3.6","audiofile","2020A0000018781","False","","fix_not_available","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-16194","https://nvd.nist.gov/vuln/detail/CVE-2020-16194","quote","5.3","1.0.33","","","","2020A0000016194","True","Incorrect package: Issue concerns prestashop product: https://prestashop.com/, whereas, nixpkgs ""quote"" refers rust package 'quote': https://docs.rs/quote/latest/quote/.","err_missing_repology_version","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-8284","https://nvd.nist.gov/vuln/detail/CVE-2020-8284","curl","3.7","0.4.44","","","","2020A0000008284","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/106452" -"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.15.2","1.15.2","1.17.1","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-2308","https://osv.dev/OSV-2020-2308","libheif","","1.15.2","1.15.2","1.17.3","libheif","2020A0000002308","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2020-2136","https://nvd.nist.gov/vuln/detail/CVE-2020-2136","git","5.4","2.42.0","2.42.0","2.42.1","git","2020A0000002136","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/82872 https://github.com/NixOS/nixpkgs/pull/84664" 
"packages.x86_64-linux.generic-x86_64-release","github:tiiuae/ghaf?ref=main","nix_unstable","OSV-2020-1610","https://osv.dev/OSV-2020-1610","openexr","","2.5.8","3.2.0","3.2.1","openexr","2020A0000001610","False","","err_not_vulnerable_based_on_repology","" 
@@ -1219,41 +1228,41 @@ https://github.com/NixOS/nixpkgs/pull/259826" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-25586","https://nvd.nist.gov/vuln/detail/CVE-2023-25586","binutils","5.5","2.40","2.40","2.41","binutils","2023A0000025586","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-25585","https://nvd.nist.gov/vuln/detail/CVE-2023-25585","binutils","5.5","2.40","2.40","2.41","binutils","2023A0000025585","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-25584","https://nvd.nist.gov/vuln/detail/CVE-2023-25584","binutils","7.1","2.40","2.40","2.41","binutils","2023A0000025584","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005535","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005441","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005344","False","","fix_update_to_version_upstream","" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005535","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005441","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005344","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-8","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4807","https://nvd.nist.gov/vuln/detail/CVE-2023-4807","openssl","7.8","3.0.10","3.0.11","3.1.4","openssl","2023A0000004807","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254106 https://github.com/NixOS/nixpkgs/pull/254185 https://github.com/NixOS/nixpkgs/pull/254574 https://github.com/NixOS/nixpkgs/pull/256127 https://github.com/NixOS/nixpkgs/pull/263150" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-8","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" 
"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","5.5","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150 https://github.com/NixOS/nixpkgs/pull/264266" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","current","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.44","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
@@ -1325,36 +1334,36 @@ https://github.com/NixOS/nixpkgs/pull/259826" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-25586","https://nvd.nist.gov/vuln/detail/CVE-2023-25586","binutils","5.5","2.40","2.40","2.41","binutils","2023A0000025586","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-25585","https://nvd.nist.gov/vuln/detail/CVE-2023-25585","binutils","5.5","2.40","2.40","2.41","binutils","2023A0000025585","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-25584","https://nvd.nist.gov/vuln/detail/CVE-2023-25584","binutils","7.1","2.40","2.40","2.41","binutils","2023A0000025584","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005535","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005441","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000005344","False","","fix_update_to_version_upstream","" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005535","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005441","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000005344","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.37-45","","","","2023A0000005156","False","","err_missing_repology_version","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4781","https://nvd.nist.gov/vuln/detail/CVE-2023-4781","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004781","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 
https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4752","https://nvd.nist.gov/vuln/detail/CVE-2023-4752","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004752","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4750","https://nvd.nist.gov/vuln/detail/CVE-2023-4750","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004750","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4738","https://nvd.nist.gov/vuln/detail/CVE-2023-4738","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004738","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4736","https://nvd.nist.gov/vuln/detail/CVE-2023-4736","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004736","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4735","https://nvd.nist.gov/vuln/detail/CVE-2023-4735","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004735","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4734","https://nvd.nist.gov/vuln/detail/CVE-2023-4734","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004734","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" 
-"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4733","https://nvd.nist.gov/vuln/detail/CVE-2023-4733","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000004733","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.37-45","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4039","https://nvd.nist.gov/vuln/detail/CVE-2023-4039","gcc","4.8","12.2.0","12.3.0","13.2.0","gcc","2023A0000004039","False","","fix_not_available","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-4016","https://nvd.nist.gov/vuln/detail/CVE-2023-4016","procps","5.5","3.3.17","","","","2023A0000004016","False","See: https://gitlab.com/procps-ng/procps/-/issues/297. 
Notice: repology package name is procps-ng: https://repology.org/project/procps-ng/versions.","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256065 https://github.com/NixOS/nixpkgs/pull/256150 https://github.com/NixOS/nixpkgs/pull/264266" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2610","https://nvd.nist.gov/vuln/detail/CVE-2023-2610","vim","7.8","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002610","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2609","https://nvd.nist.gov/vuln/detail/CVE-2023-2609","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002609","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to 
unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2081","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2023-2426","https://nvd.nist.gov/vuln/detail/CVE-2023-2426","vim","5.5","9.0.1441","9.0.1897","9.0.2087","vim","2023A0000002426","False","Backport nixpkgs PR https://github.com/NixOS/nixpkgs/pull/254666 to 23.05 once it's merged to unstable/staging.","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/254666 https://github.com/NixOS/nixpkgs/pull/261952" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-877","https://osv.dev/OSV-2023-877","libbpf","","1.2.0","1.2.2","1.2.2","libbpf","2023A0000000877","False","","err_not_vulnerable_based_on_repology","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","lock_updated","OSV-2023-505","https://osv.dev/OSV-2023-505","file","","5.44","5.45","5.45","file","2023A0000000505","False","Unclear if this is still valid.","err_not_vulnerable_based_on_repology","" 
@@ -1417,9 +1426,9 @@ https://github.com/NixOS/nixpkgs/pull/264613" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-25586","https://nvd.nist.gov/vuln/detail/CVE-2023-25586","binutils","5.5","2.40","2.40","2.41","binutils","2023A0000025586","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-25585","https://nvd.nist.gov/vuln/detail/CVE-2023-25585","binutils","5.5","2.40","2.40","2.41","binutils","2023A0000025585","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-25584","https://nvd.nist.gov/vuln/detail/CVE-2023-25584","binutils","7.1","2.40","2.40","2.41","binutils","2023A0000025584","False","","err_not_vulnerable_based_on_repology","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1897","9.0.1897","9.0.2081","vim","2023A0000005535","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1897","9.0.1897","9.0.2081","vim","2023A0000005441","False","","fix_update_to_version_upstream","" -"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1897","9.0.1897","9.0.2081","vim","2023A0000005344","False","","fix_update_to_version_upstream","" 
+"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5535","https://nvd.nist.gov/vuln/detail/CVE-2023-5535","vim","7.8","9.0.1897","9.0.1897","9.0.2087","vim","2023A0000005535","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5441","https://nvd.nist.gov/vuln/detail/CVE-2023-5441","vim","5.5","9.0.1897","9.0.1897","9.0.2087","vim","2023A0000005441","False","","fix_update_to_version_upstream","" +"packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5344","https://nvd.nist.gov/vuln/detail/CVE-2023-5344","vim","7.5","9.0.1897","9.0.1897","9.0.2087","vim","2023A0000005344","False","","fix_update_to_version_upstream","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-5156","https://nvd.nist.gov/vuln/detail/CVE-2023-5156","glibc","7.5","2.38-23","","","","2023A0000005156","False","","err_missing_repology_version","" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-4527","https://nvd.nist.gov/vuln/detail/CVE-2023-4527","glibc","6.5","2.38-23","","","","2023A0000004527","False","","err_missing_repology_version","https://github.com/NixOS/nixpkgs/pull/256887" "packages.riscv64-linux.microchip-icicle-kit-release","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2023-4135","https://nvd.nist.gov/vuln/detail/CVE-2023-4135","qemu","6.5","8.1.2","8.1.2","8.1.2","qemu","2023A0000004135","False","Fixed upstream in 8.1.0.","fix_not_available","" diff --git a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md index b65ac0e..3abca19 100644 --- a/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md 
+++ b/reports/main/packages.riscv64-linux.microchip-icicle-kit-release.md 
@@ -46,19 +46,19 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | vuln_id | package | severity | version_local | nix_unstable | upstream | comment | |-------------------------------------------------------------------|------------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.0 | 4.14.2 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/254143), [PR](https://github.com/NixOS/nixpkgs/pull/259826)]* | 
@@ -84,21 +84,21 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base |-------------------------------------------------------------------|------------|------------|------------------|------------------|------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | [CVE-2023-45853](https://nvd.nist.gov/vuln/detail/CVE-2023-45853) | zlib | 9.8 | 1.2.13 | 1.3 | 1.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262722), [PR](https://github.com/NixOS/nixpkgs/pull/263083)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.0.11 | 3.1.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.4.0.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | 
[CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-25584](https://nvd.nist.gov/vuln/detail/CVE-2023-25584) | binutils | 7.1 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-45322](https://nvd.nist.gov/vuln/detail/CVE-2023-45322) | libxml2 | 6.5 | 2.10.4 | 2.11.5 | 2.11.5 | | 
@@ -109,10 +109,10 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.40.1 | 2.42.0 | 2.42.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). *[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 12.3.0 | 13.2.0 | | 
@@ -197,7 +197,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2022-3109](https://nvd.nist.gov/vuln/detail/CVE-2022-3109) | ffmpeg | 7.5 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 [link](https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2). | | [CVE-2022-2880](https://nvd.nist.gov/vuln/detail/CVE-2022-2880) | go | 7.5 | 1.17.13-linux-am | See the discussion in: [link](https://github.com/NixOS/nixpkgs/pull/241776). | | [CVE-2022-2879](https://nvd.nist.gov/vuln/detail/CVE-2022-2879) | go | 7.5 | 1.17.13-linux-am | See the discussion in: [link](https://github.com/NixOS/nixpkgs/pull/241776). | -| [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.7322 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | +| [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.7531 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | | [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.6943 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | | [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202308 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202211 | NVD data issue: CPE entry does not correctly state the version numbers. | 
@@ -245,7 +245,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) | coreutils | 6.5 | 9.1 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2018-1000182](https://nvd.nist.gov/vuln/detail/CVE-2018-1000182) | git | 6.4 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2018-1000182](https://nvd.nist.gov/vuln/detail/CVE-2018-1000182) | git | 6.4 | 2.40.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.7322 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). | +| [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.7531 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). | | [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.6943 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). | | [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.40.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | diff --git a/reports/main/packages.x86_64-linux.generic-x86_64-release.md b/reports/main/packages.x86_64-linux.generic-x86_64-release.md index d1bcec0..2099ad3 100644 --- a/reports/main/packages.x86_64-linux.generic-x86_64-release.md +++ b/reports/main/packages.x86_64-linux.generic-x86_64-release.md 
@@ -38,15 +38,20 @@ Update the target Ghaf [flake.lock](https://github.com/tiiuae/ghaf/blob/main/fla | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.8 | 2.4.6 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | | [CVE-2023-44488](https://nvd.nist.gov/vuln/detail/CVE-2023-44488) | libvpx | 7.5 | 1.13.0 | 1.13.1 | 1.13.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258295), [PR](https://github.com/NixOS/nixpkgs/pull/258350), [PR](https://github.com/NixOS/nixpkgs/pull/259881), [PR](https://github.com/NixOS/nixpkgs/pull/260189)]* | | [CVE-2023-38039](https://nvd.nist.gov/vuln/detail/CVE-2023-38039) | curl | 7.5 | 8.1.1 | 8.4.0 | 8.4.0.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254962), [PR](https://github.com/NixOS/nixpkgs/pull/254963), [PR](https://github.com/NixOS/nixpkgs/pull/260378)]* | +| [CVE-2023-5728](https://nvd.nist.gov/vuln/detail/CVE-2023-5728) | firefox | 7.5 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5724](https://nvd.nist.gov/vuln/detail/CVE-2023-5724) | firefox | 7.5 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5727](https://nvd.nist.gov/vuln/detail/CVE-2023-5727) | firefox | 6.5 | 118.0 | 119.0 | 119.0 | | | [CVE-2023-5758](https://nvd.nist.gov/vuln/detail/CVE-2023-5758) | firefox | 6.1 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | | [CVE-2023-43789](https://nvd.nist.gov/vuln/detail/CVE-2023-43789) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 3.5.17 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43788](https://nvd.nist.gov/vuln/detail/CVE-2023-43788) | libXpm | 5.5 | 3.5.15 | 3.5.17 | 
3.5.17 | | | [CVE-2023-43786](https://nvd.nist.gov/vuln/detail/CVE-2023-43786) | libX11 | 5.5 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | | [CVE-2023-43785](https://nvd.nist.gov/vuln/detail/CVE-2023-43785) | libX11 | 5.5 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-3428](https://nvd.nist.gov/vuln/detail/CVE-2023-3428) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-21 | 7.1.1.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263198), [PR](https://github.com/NixOS/nixpkgs/pull/263344)]* | +| [CVE-2023-3428](https://nvd.nist.gov/vuln/detail/CVE-2023-3428) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-21 | 7.1.1.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263198), [PR](https://github.com/NixOS/nixpkgs/pull/263344), [PR](https://github.com/NixOS/nixpkgs/pull/265201)]* | | [CVE-2023-5723](https://nvd.nist.gov/vuln/detail/CVE-2023-5723) | firefox | 5.3 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | | [CVE-2023-5722](https://nvd.nist.gov/vuln/detail/CVE-2023-5722) | firefox | 5.3 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | | [CVE-2023-5729](https://nvd.nist.gov/vuln/detail/CVE-2023-5729) | firefox | 4.3 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5726](https://nvd.nist.gov/vuln/detail/CVE-2023-5726) | firefox | 4.3 | 118.0 | 119.0 | 119.0 | | +| [CVE-2023-5725](https://nvd.nist.gov/vuln/detail/CVE-2023-5725) | firefox | 4.3 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | | 
[CVE-2023-5721](https://nvd.nist.gov/vuln/detail/CVE-2023-5721) | firefox | 4.3 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | | [GHSA-qqvq-6xgj-jw8g](https://osv.dev/GHSA-qqvq-6xgj-jw8g) | electron | | 26.2.1 | 27.0.0 | 27.0.3 | | 
@@ -66,22 +71,22 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) | go | 9.8 | 1.17.13-linux-am | 1.21.3 | 1.21.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.20.8 | 1.21.3 | 1.21.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | go | 7.5 | 1.17.13-linux-am | 1.21.3 | 1.21.3 | *[[PR](https://github.com/NixOS/nixpkgs/pull/259329), [PR](https://github.com/NixOS/nixpkgs/pull/262022), [PR](https://github.com/NixOS/nixpkgs/pull/262713), [PR](https://github.com/NixOS/nixpkgs/pull/262718), [PR](https://github.com/NixOS/nixpkgs/pull/262738)]* | | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.5 | 8.1.2 | 8.1.2 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-30571](https://nvd.nist.gov/vuln/detail/CVE-2023-30571) | libarchive | 5.3 | 3.6.2 | 3.7.2 | 3.7.2 | No upstream fix available, see: [link](https://github.com/libarchive/libarchive/issues/1876). 
*[[PR](https://github.com/NixOS/nixpkgs/pull/244713), [PR](https://github.com/NixOS/nixpkgs/pull/256930)]* | | [CVE-2023-29409](https://nvd.nist.gov/vuln/detail/CVE-2023-29409) | go | 5.3 | 1.17.13-linux-am | 1.21.3 | 1.21.3 | See: [link](https://github.com/golang/go/issues/61580), fixed by update to go 1.20.7: nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/246663). *[[PR](https://github.com/NixOS/nixpkgs/pull/247034), [PR](https://github.com/NixOS/nixpkgs/pull/259329)]* | | [CVE-2023-29383](https://nvd.nist.gov/vuln/detail/CVE-2023-29383) | shadow | 3.3 | 4.13 | 4.14.0 | 4.14.2 | Pending merge for nixpkgs master PR: [link](https://github.com/NixOS/nixpkgs/pull/233924). TODO: consider taking the upstream version update to 4.14 instead: [link](https://github.com/shadow-maint/shadow/releases). *[[PR](https://github.com/NixOS/nixpkgs/pull/254143), [PR](https://github.com/NixOS/nixpkgs/pull/259826)]* | 
@@ -101,13 +106,11 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | vuln_id | package | severity | version_local | nix_unstable | upstream | comment | |-----------------------------------------------------------------|-----------|------------|-----------------|----------------|------------|------------------------------------------------------------------------------------------------------------| -| [CVE-2023-5731](https://nvd.nist.gov/vuln/detail/CVE-2023-5731) | firefox | 9.8 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | -| [CVE-2023-5730](https://nvd.nist.gov/vuln/detail/CVE-2023-5730) | firefox | 9.8 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | -| [CVE-2023-5758](https://nvd.nist.gov/vuln/detail/CVE-2023-5758) | firefox | 6.1 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | -| [CVE-2023-5723](https://nvd.nist.gov/vuln/detail/CVE-2023-5723) | firefox | 5.3 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | -| [CVE-2023-5722](https://nvd.nist.gov/vuln/detail/CVE-2023-5722) | firefox | 5.3 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | -| [CVE-2023-5729](https://nvd.nist.gov/vuln/detail/CVE-2023-5729) | firefox | 4.3 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | -| [CVE-2023-5721](https://nvd.nist.gov/vuln/detail/CVE-2023-5721) | firefox | 4.3 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5728](https://nvd.nist.gov/vuln/detail/CVE-2023-5728) | firefox 
| 7.5 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5724](https://nvd.nist.gov/vuln/detail/CVE-2023-5724) | firefox | 7.5 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5727](https://nvd.nist.gov/vuln/detail/CVE-2023-5727) | firefox | 6.5 | 118 | 119 | 119 | | +| [CVE-2023-5726](https://nvd.nist.gov/vuln/detail/CVE-2023-5726) | firefox | 4.3 | 118 | 119 | 119 | | +| [CVE-2023-5725](https://nvd.nist.gov/vuln/detail/CVE-2023-5725) | firefox | 4.3 | 118 | 119 | 119 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | 
@@ -142,18 +145,18 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0-env | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-31484](https://nvd.nist.gov/vuln/detail/CVE-2023-31484) | perl | 8.1 | 5.36.0 | 5.38.0 | 5.38.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/241848), [PR](https://github.com/NixOS/nixpkgs/pull/247547), [PR](https://github.com/NixOS/nixpkgs/pull/256402)]* | | [CVE-2023-43787](https://nvd.nist.gov/vuln/detail/CVE-2023-43787) | libX11 | 7.8 | 1.8.6 | 1.8.7 | 1.8.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/258841), [PR](https://github.com/NixOS/nixpkgs/pull/258996)]* | -| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5535](https://nvd.nist.gov/vuln/detail/CVE-2023-5535) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | [CVE-2023-4807](https://nvd.nist.gov/vuln/detail/CVE-2023-4807) | openssl | 7.8 | 3.0.10 | 3.0.11 | 3.1.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/254106), [PR](https://github.com/NixOS/nixpkgs/pull/254185), [PR](https://github.com/NixOS/nixpkgs/pull/254574), [PR](https://github.com/NixOS/nixpkgs/pull/256127), [PR](https://github.com/NixOS/nixpkgs/pull/263150)]* | -| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4781](https://nvd.nist.gov/vuln/detail/CVE-2023-4781) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4752](https://nvd.nist.gov/vuln/detail/CVE-2023-4752) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4750](https://nvd.nist.gov/vuln/detail/CVE-2023-4750) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4738](https://nvd.nist.gov/vuln/detail/CVE-2023-4738) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4736](https://nvd.nist.gov/vuln/detail/CVE-2023-4736) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4735](https://nvd.nist.gov/vuln/detail/CVE-2023-4735) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4734](https://nvd.nist.gov/vuln/detail/CVE-2023-4734) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-4733](https://nvd.nist.gov/vuln/detail/CVE-2023-4733) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-4504](https://nvd.nist.gov/vuln/detail/CVE-2023-4504) | cups | 7.8 | 2.4.6 | 2.4.7 | 2.4.7 | *[[PR](https://github.com/NixOS/nixpkgs/pull/256378), [PR](https://github.com/NixOS/nixpkgs/pull/257637)]* | -| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2610](https://nvd.nist.gov/vuln/detail/CVE-2023-2610) | vim | 7.8 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 7.8 | 8.0.5 | 8.1.2 | 8.1.2 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). | | [CVE-2019-5443](https://nvd.nist.gov/vuln/detail/CVE-2019-5443) | curl | 7.8 | 0.4.44 | | | | | [CVE-2017-5510](https://nvd.nist.gov/vuln/detail/CVE-2017-5510) | imagemagick | 7.8 | 7.1.1-18 | 7.1.1-21 | 7.1.1.21 | | 
@@ -176,7 +179,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-35945](https://nvd.nist.gov/vuln/detail/CVE-2023-35945) | nghttp2 | 7.5 | 1.51.0 | 1.57.0 | 1.58.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/219712), [PR](https://github.com/NixOS/nixpkgs/pull/246068), [PR](https://github.com/NixOS/nixpkgs/pull/265047)]* | | [CVE-2023-28450](https://nvd.nist.gov/vuln/detail/CVE-2023-28450) | dnsmasq | 7.5 | 2.89 | 2.89 | 2.89 | | | [CVE-2023-28319](https://nvd.nist.gov/vuln/detail/CVE-2023-28319) | curl | 7.5 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531)]* | -| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5728](https://nvd.nist.gov/vuln/detail/CVE-2023-5728) | firefox | 7.5 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5724](https://nvd.nist.gov/vuln/detail/CVE-2023-5724) | firefox | 7.5 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5344](https://nvd.nist.gov/vuln/detail/CVE-2023-5344) | vim | 7.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | [CVE-2023-5156](https://nvd.nist.gov/vuln/detail/CVE-2023-5156) | glibc | 7.5 | 2.37-8 | | | | | [CVE-2023-3354](https://nvd.nist.gov/vuln/detail/CVE-2023-3354) | qemu | 7.5 | 8.0.5 | 8.1.2 | 8.1.2 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/5300472ec0990c61742d89b5eea1c1e6941f6d62). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659), [PR](https://github.com/NixOS/nixpkgs/pull/261753)]* | | [CVE-2022-43357](https://nvd.nist.gov/vuln/detail/CVE-2022-43357) | sassc | 7.5 | 3.6.2 | 3.6.2 | 3.6.2 | *[[PR](https://github.com/NixOS/nixpkgs/pull/264177)]* | 
@@ -192,6 +197,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-40745](https://nvd.nist.gov/vuln/detail/CVE-2023-40745) | libtiff | 6.5 | 4.5.1 | 4.5.1 | 4.6.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/261791), [PR](https://github.com/NixOS/nixpkgs/pull/264613)]* | | [CVE-2023-38858](https://nvd.nist.gov/vuln/detail/CVE-2023-38858) | faad2 | 6.5 | 2.10.1 | 2.10.1 | 2.10.1 | | | [CVE-2023-37769](https://nvd.nist.gov/vuln/detail/CVE-2023-37769) | pixman | 6.5 | 0.42.2 | 0.42.2 | 0.42.2 | See: [link](https://gitlab.freedesktop.org/pixman/pixman/-/issues/76): "This somehow got assigned CVE-2023-37769, not sure why NVD keeps assigning CVEs like this. This is just a test executable". | +| [CVE-2023-5727](https://nvd.nist.gov/vuln/detail/CVE-2023-5727) | firefox | 6.5 | 118.0 | 119.0 | 119.0 | | | [CVE-2023-4527](https://nvd.nist.gov/vuln/detail/CVE-2023-4527) | glibc | 6.5 | 2.37-8 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/256887)]* | | [CVE-2023-4135](https://nvd.nist.gov/vuln/detail/CVE-2023-4135) | qemu | 6.5 | 8.0.5 | 8.1.2 | 8.1.2 | Fixed upstream in 8.1.0. | | [CVE-2023-3180](https://nvd.nist.gov/vuln/detail/CVE-2023-3180) | qemu | 6.5 | 8.0.5 | 8.1.2 | 8.1.2 | Fixed in 8.0.4: [link](https://gitlab.com/qemu-project/qemu/-/commit/49f1e02bac166821c712534aaa775f50e1afe17f). Nixpkgs PR: [link](https://github.com/NixOS/nixpkgs/pull/251036). *[[PR](https://github.com/NixOS/nixpkgs/pull/248659)]* | 
@@ -246,11 +252,11 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-25588](https://nvd.nist.gov/vuln/detail/CVE-2023-25588) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25586](https://nvd.nist.gov/vuln/detail/CVE-2023-25586) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | | [CVE-2023-25585](https://nvd.nist.gov/vuln/detail/CVE-2023-25585) | binutils | 5.5 | 2.40 | 2.40 | 2.41 | | -| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | | +| [CVE-2023-5441](https://nvd.nist.gov/vuln/detail/CVE-2023-5441) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | | | [CVE-2023-4016](https://nvd.nist.gov/vuln/detail/CVE-2023-4016) | procps | 5.5 | 3.3.17 | | | See: [link](https://gitlab.com/procps-ng/procps/-/issues/297). Notice: repology package name is procps-ng: [link](https://repology.org/project/procps-ng/versions). *[[PR](https://github.com/NixOS/nixpkgs/pull/256065), [PR](https://github.com/NixOS/nixpkgs/pull/256150), [PR](https://github.com/NixOS/nixpkgs/pull/264266)]* | -| [CVE-2023-3428](https://nvd.nist.gov/vuln/detail/CVE-2023-3428) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-21 | 7.1.1.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263198), [PR](https://github.com/NixOS/nixpkgs/pull/263344)]* | -| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | -| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2081 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. 
*[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-3428](https://nvd.nist.gov/vuln/detail/CVE-2023-3428) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-21 | 7.1.1.21 | *[[PR](https://github.com/NixOS/nixpkgs/pull/263198), [PR](https://github.com/NixOS/nixpkgs/pull/263344), [PR](https://github.com/NixOS/nixpkgs/pull/265201)]* | +| [CVE-2023-2609](https://nvd.nist.gov/vuln/detail/CVE-2023-2609) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | +| [CVE-2023-2426](https://nvd.nist.gov/vuln/detail/CVE-2023-2426) | vim | 5.5 | 9.0.1441 | 9.0.1897 | 9.0.2087 | Backport nixpkgs PR [link](https://github.com/NixOS/nixpkgs/pull/254666) to 23.05 once it's merged to unstable/staging. *[[PR](https://github.com/NixOS/nixpkgs/pull/254666), [PR](https://github.com/NixOS/nixpkgs/pull/261952)]* | | [CVE-2020-18781](https://nvd.nist.gov/vuln/detail/CVE-2020-18781) | audiofile | 5.5 | 0.3.6 | 0.3.6 | 0.3.6 | | | [CVE-2016-10062](https://nvd.nist.gov/vuln/detail/CVE-2016-10062) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-21 | 7.1.1.21 | | | [CVE-2014-9853](https://nvd.nist.gov/vuln/detail/CVE-2014-9853) | imagemagick | 5.5 | 7.1.1-18 | 7.1.1-21 | 7.1.1.21 | | 
@@ -278,6 +284,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 12.2.0 | 12.3.0 | 13.2.0 | | | [CVE-2018-10229](https://nvd.nist.gov/vuln/detail/CVE-2018-10229) | firefox | 4.8 | 118.0 | 119.0 | 119.0 | | | [CVE-2023-5729](https://nvd.nist.gov/vuln/detail/CVE-2023-5729) | firefox | 4.3 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | +| [CVE-2023-5726](https://nvd.nist.gov/vuln/detail/CVE-2023-5726) | firefox | 4.3 | 118.0 | 119.0 | 119.0 | | +| [CVE-2023-5725](https://nvd.nist.gov/vuln/detail/CVE-2023-5725) | firefox | 4.3 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | | [CVE-2023-5721](https://nvd.nist.gov/vuln/detail/CVE-2023-5721) | firefox | 4.3 | 118.0 | 119.0 | 119.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/262964), [PR](https://github.com/NixOS/nixpkgs/pull/263003)]* | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-35252](https://nvd.nist.gov/vuln/detail/CVE-2022-35252) | curl | 3.7 | 0.4.44 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/189083), [PR](https://github.com/NixOS/nixpkgs/pull/198730)]* | 
@@ -305,9 +313,9 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [OSV-2022-394](https://osv.dev/OSV-2022-394) | opencv | | 4.7.0 | 4.7.0 | 4.8.1 | No attention from upstream: [link](https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47190). | | [OSV-2022-312](https://osv.dev/OSV-2022-312) | dnsmasq | | 2.89 | 2.89 | 2.89 | | | [OSV-2022-193](https://osv.dev/OSV-2022-193) | w3m | | 0.5.3+git2023012 | 0.5.3+git2023012 | 0.5.3+git2023012 | Unclear if this is still valid. | -| [OSV-2021-594](https://osv.dev/OSV-2021-594) | libheif | | 1.15.2 | 1.15.2 | 1.17.1 | | +| [OSV-2021-594](https://osv.dev/OSV-2021-594) | libheif | | 1.15.2 | 1.15.2 | 1.17.3 | | | [OSV-2021-508](https://osv.dev/OSV-2021-508) | libsass | | 3.6.5 | 3.6.5 | 3.6.5 | Unclear if this is still valid. | -| [OSV-2020-2308](https://osv.dev/OSV-2020-2308) | libheif | | 1.15.2 | 1.15.2 | 1.17.1 | | +| [OSV-2020-2308](https://osv.dev/OSV-2020-2308) | libheif | | 1.15.2 | 1.15.2 | 1.17.3 | | | [OSV-2020-1610](https://osv.dev/OSV-2020-1610) | openexr | | 2.5.8 | 3.2.0 | 3.2.1 | | | [OSV-2020-1420](https://osv.dev/OSV-2020-1420) | libsass | | 3.6.5 | 3.6.5 | 3.6.5 | | | [OSV-2020-862](https://osv.dev/OSV-2020-862) | libsass | | 3.6.5 | 3.6.5 | 3.6.5 | | 
@@ -409,7 +417,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2022-3109](https://nvd.nist.gov/vuln/detail/CVE-2022-3109) | ffmpeg | 7.5 | 4.4.4 | Scanners get confused by LTS release versions (non-linear version numbers). Upstream fix patch for 4.4.x is merged in 4.4.4 [link](https://github.com/FFmpeg/FFmpeg/commit/4d82b7bac42c9d35d4f9f145a85e6cbc1fe914f2). | | [CVE-2022-2880](https://nvd.nist.gov/vuln/detail/CVE-2022-2880) | go | 7.5 | 1.17.13-linux-am | See the discussion in: [link](https://github.com/NixOS/nixpkgs/pull/241776). | | [CVE-2022-2879](https://nvd.nist.gov/vuln/detail/CVE-2022-2879) | go | 7.5 | 1.17.13-linux-am | See the discussion in: [link](https://github.com/NixOS/nixpkgs/pull/241776). | -| [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.7322 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | +| [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.7531 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | | [CVE-2021-33506](https://nvd.nist.gov/vuln/detail/CVE-2021-33506) | jitsi-meet | 7.5 | 1.0.6943 | Fixed in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/132134#issuecomment-890319135). | | [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202308 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2019-14559](https://nvd.nist.gov/vuln/detail/CVE-2019-14559) | edk2 | 7.5 | 202211 | NVD data issue: CPE entry does not correctly state the version numbers. | 
@@ -457,7 +465,7 @@ Following table lists vulnerabilities that would otherwise have been included to | [CVE-2016-2781](https://nvd.nist.gov/vuln/detail/CVE-2016-2781) | coreutils | 6.5 | 9.1 | NVD data issue: CPE entry does not correctly state the version numbers. | | [CVE-2018-1000182](https://nvd.nist.gov/vuln/detail/CVE-2018-1000182) | git | 6.4 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2018-1000182](https://nvd.nist.gov/vuln/detail/CVE-2018-1000182) | git | 6.4 | 2.40.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | -| [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.7322 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). | +| [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.7531 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). | | [CVE-2021-39205](https://nvd.nist.gov/vuln/detail/CVE-2021-39205) | jitsi-meet | 6.1 | 1.0.6943 | Does not impact the version in nixpkgs as mentioned in [link](https://github.com/NixOS/nixpkgs/issues/142979#issuecomment-964291845). | | [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.42.0 | Incorrect package: Impacts Jenkins git plugin, not git. 
Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). | | [CVE-2021-21684](https://nvd.nist.gov/vuln/detail/CVE-2021-21684) | git | 6.1 | 2.40.1 | Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: [link](https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96). |