From d3630bdafd6b009da2f54cb4de3a2e96dc71ca9e Mon Sep 17 00:00:00 2001
From: henrirosten <49935860+henrirosten@users.noreply.github.com>
Date: Thu, 30 Jan 2025 03:43:21 +0000
Subject: [PATCH] Automatic vulnerability report update
---
 reports/main/data.csv | 2 ++
 ...kages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md | 11 +++++++++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/reports/main/data.csv b/reports/main/data.csv
index 7415df6..bf4acfa 100644
--- a/reports/main/data.csv
+++ b/reports/main/data.csv
@@ -1,5 +1,6 @@
 "target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr"
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2025-0651","https://nvd.nist.gov/vuln/detail/CVE-2025-0651","warp","","3.3.31","3.4.7","3.4.7","haskell:warp","2025A0000000651","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","RUSTSEC-2025-0003","https://osv.dev/RUSTSEC-2025-0003","fast-float","","7.0.0","7.0.0","7.0.0","fast-float","2025A0000000003","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-pxg6-pf52-xh8x","https://osv.dev/GHSA-pxg6-pf52-xh8x","cookie","","0.4.6","0.5.0","0.5.0","haskell:cookie","2024A1728000000","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","BIT-git-lfs-2024-53263","https://osv.dev/BIT-git-lfs-2024-53263","git-lfs","","3.6.0","3.6.0","3.6.1","git-lfs","2024A0000053263","False","","err_not_vulnerable_based_on_repology",""
@@ -47,6 +48,7 @@ https://github.com/NixOS/nixpkgs/pull/363310"
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-4030","https://nvd.nist.gov/vuln/detail/CVE-2024-4030","python","7.1","2.7.18.8","3.13.1","3.13.1","python","2024A0000004030","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-3219","https://nvd.nist.gov/vuln/detail/CVE-2024-3219","python","","2.7.18.8","3.13.1","3.13.1","python","2024A0000003219","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1391","https://osv.dev/OSV-2024-1391","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001391","False","","err_not_vulnerable_based_on_repology",""
+"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1251","https://osv.dev/OSV-2024-1251","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001251","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1209","https://osv.dev/OSV-2024-1209","libxml2","","2.13.5","2.13.5","2.13.5","libxml2","2024A0000001209","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1059","https://osv.dev/OSV-2024-1059","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001059","False","","err_not_vulnerable_based_on_repology",""
 "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","OSV-2024-1042","https://osv.dev/OSV-2024-1042","ghostscript","","10.04.0","10.04.0","10.04.0","ghostscript","2024A0000001042","False","","err_not_vulnerable_based_on_repology",""
diff --git a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md
index dee07fb..896f3fc 100644
--- a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md
+++ b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md
@@ -6,7 +6,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0
 # Vulnerability Report
-This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/fc435a07c3f73b9068a169916490fac5c1ff8f2e. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target.
+This vulnerability report is generated for Ghaf target `github:tiiuae/ghaf?ref=main#packages.x86_64-linux.lenovo-x1-carbon-gen11-debug` revision https://github.com/tiiuae/ghaf/commit/2dd4898366923b63f2b38db7de23fa79ebd92b6b. The tables on this page include known vulnerabilities impacting buildtime or runtime dependencies of the given target.
 This report is automatically generated as specified on the [Vulnerability Scan](../../.github/workflows/vulnerability-scan.yml) GitHub action workflow. It uses the tooling from [sbomnix](https://github.com/tiiuae/sbomnix) repository, such as [vulnxscan](https://github.com/tiiuae/sbomnix/tree/main/scripts/vulnxscan), as well as the manual analysis results maintained in the [manual_analysis.csv](../../manual_analysis.csv) file.
@@ -48,7 +48,12 @@ Following table lists vulnerabilities currently impacting the Ghaf target that h
 Consider [whitelisting](../../manual_analysis.csv) possible false positives based on manual analysis, or - if determined valid - help nixpkgs community fix the following issues in nixpkgs:
-```No vulnerabilities```
+
+| vuln_id | package | severity | version_local | nix_unstable | upstream | comment |
+|--------------------------------------------------------|-------------|------------|-----------------|----------------|------------|-----------|
+| [RUSTSEC-2025-0003](https://osv.dev/RUSTSEC-2025-0003) | fast-float | | 7.0.0 | 7.0.0 | 7.0.0 | |
+| [OSV-2024-1251](https://osv.dev/OSV-2024-1251) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |
+
 ## All Vulnerabilities Impacting Ghaf
@@ -319,6 +324,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
 | [CVE-2023-5752](https://nvd.nist.gov/vuln/detail/CVE-2023-5752) | pip | 3.3 | 20.3.4-source | 24.0 | 25.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/276928), [PR](https://github.com/NixOS/nixpkgs/pull/368263)]* |
 | [CVE-2023-1386](https://nvd.nist.gov/vuln/detail/CVE-2023-1386) | qemu | 3.3 | 9.2.0 | 9.2.0 | 9.2.0 | Revisit when fixed upstream: [link](https://github.com/v9fs/linux/issues/29). |
 | [CVE-2025-0651](https://nvd.nist.gov/vuln/detail/CVE-2025-0651) | warp | | 3.3.31 | 3.4.7 | 3.4.7 | |
+| [RUSTSEC-2025-0003](https://osv.dev/RUSTSEC-2025-0003) | fast-float | | 7.0.0 | 7.0.0 | 7.0.0 | |
 | [GHSA-pxg6-pf52-xh8x](https://osv.dev/GHSA-pxg6-pf52-xh8x) | cookie | | 0.4.6 | 0.5.0 | 0.5.0 | |
 | [GHSA-fwr7-v2mv-hh25](https://osv.dev/GHSA-fwr7-v2mv-hh25) | async | | 2.2.5 | 2.2.5 | 2.2.5 | |
 | [BIT-git-lfs-2024-53263](https://osv.dev/BIT-git-lfs-2024-53263) | git-lfs | | 3.6.0 | 3.6.0 | 3.6.1 | |
@@ -332,6 +338,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base
 | [CVE-2024-8088](https://nvd.nist.gov/vuln/detail/CVE-2024-8088) | python | | 2.7.18.8 | 3.13.1 | 3.13.1 | |
 | [CVE-2024-3219](https://nvd.nist.gov/vuln/detail/CVE-2024-3219) | python | | 2.7.18.8 | 3.13.1 | 3.13.1 | |
 | [OSV-2024-1391](https://osv.dev/OSV-2024-1391) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |
+| [OSV-2024-1251](https://osv.dev/OSV-2024-1251) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |
 | [OSV-2024-1209](https://osv.dev/OSV-2024-1209) | libxml2 | | 2.13.5 | 2.13.5 | 2.13.5 | |
 | [OSV-2024-1059](https://osv.dev/OSV-2024-1059) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |
 | [OSV-2024-1042](https://osv.dev/OSV-2024-1042) | ghostscript | | 10.04.0 | 10.04.0 | 10.04.0 | |