diff --git a/reports/main/data.csv b/reports/main/data.csv index 88b3ef7..537ed5b 100644 --- a/reports/main/data.csv +++ b/reports/main/data.csv @@ -1,11 +1,11 @@ "target","flakeref","pintype","vuln_id","url","package","severity","version_local","version_nixpkgs","version_upstream","package_repology","sortcol","whitelist","whitelist_comment","classify","nixpkgs_pr" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-41817","https://nvd.nist.gov/vuln/detail/CVE-2024-41817","imagemagick","7.0","7.1.1-35","7.1.1-36","7.1.1.37","imagemagick","2024A0000041817","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2024-35328","https://nvd.nist.gov/vuln/detail/CVE-2024-35328","libyaml","7.5","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035328","False","","fix_not_available","" @@ -191,7 +191,7 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5-r7.cabal","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-40898","https://nvd.nist.gov/vuln/detail/CVE-2022-40898","wheel","7.5","0.37.1-source","0.43.0","0.44.0","python:wheel","2022A0000040898","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/210565" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","73.0.1","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","74.0.0","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.45.2","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" @@ -536,12 +536,12 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-2002-0059","https://nvd.nist.gov/vuln/detail/CVE-2002-0059","zlib","9.8","0.6.3.0","0.7.1.0","0.7.1.0","haskell:zlib","2002A0000000059","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","current","CVE-1999-0475","https://nvd.nist.gov/vuln/detail/CVE-1999-0475","procmail","","3.24","3.24","3.24","procmail","1999A0000000475","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-41817","https://nvd.nist.gov/vuln/detail/CVE-2024-41817","imagemagick","7.0","7.1.1-35","7.1.1-36","7.1.1.37","imagemagick","2024A0000041817","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2024-35328","https://nvd.nist.gov/vuln/detail/CVE-2024-35328","libyaml","7.5","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035328","False","","fix_not_available","" @@ -727,7 +727,7 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5-r7.cabal","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-40898","https://nvd.nist.gov/vuln/detail/CVE-2022-40898","wheel","7.5","0.37.1-source","0.43.0","0.44.0","python:wheel","2022A0000040898","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/210565" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","73.0.1","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","74.0.0","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.45.2","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" @@ -1072,12 +1072,12 @@ https://github.com/NixOS/nixpkgs/pull/205374" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-2002-0059","https://nvd.nist.gov/vuln/detail/CVE-2002-0059","zlib","9.8","0.6.3.0","0.7.1.0","0.7.1.0","haskell:zlib","2002A0000000059","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","lock_updated","CVE-1999-0475","https://nvd.nist.gov/vuln/detail/CVE-1999-0475","procmail","","3.24","3.24","3.24","procmail","1999A0000000475","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","GHSA-fwr7-v2mv-hh25","https://osv.dev/GHSA-fwr7-v2mv-hh25","async","","2.2.5","2.2.5","2.2.5","haskell:async","2024A1719187200","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-43790","https://nvd.nist.gov/vuln/detail/CVE-2024-43790","vim","4.5","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000043790","False","","err_not_vulnerable_based_on_repology","" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-43374","https://nvd.nist.gov/vuln/detail/CVE-2024-43374","vim","4.5","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000043374","False","","err_not_vulnerable_based_on_repology","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-41965","https://nvd.nist.gov/vuln/detail/CVE-2024-41965","vim","4.2","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000041965","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0697","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-41957","https://nvd.nist.gov/vuln/detail/CVE-2024-41957","vim","5.3","9.1.0595","9.1.0595","9.1.0698","vim","2024A0000041957","False","","fix_update_to_version_upstream","https://github.com/NixOS/nixpkgs/pull/335213 https://github.com/NixOS/nixpkgs/pull/335269" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-35328","https://nvd.nist.gov/vuln/detail/CVE-2024-35328","libyaml","7.5","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035328","False","","fix_not_available","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2024-35326","https://nvd.nist.gov/vuln/detail/CVE-2024-35326","libyaml","9.8","0.2.5","0.2.5","0.2.5","libyaml","2024A0000035326","False","","fix_not_available","" @@ -1246,7 +1246,7 @@ https://github.com/NixOS/nixpkgs/pull/253430" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5-r7.cabal","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-41316","https://nvd.nist.gov/vuln/detail/CVE-2022-41316","vault","5.3","0.3.1.5","0.3.1.5","0.3.1.5","haskell:vault","2022A0000041316","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-40898","https://nvd.nist.gov/vuln/detail/CVE-2022-40898","wheel","7.5","0.37.1-source","0.43.0","0.44.0","python:wheel","2022A0000040898","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/210565" -"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","73.0.1","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" +"packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-40897","https://nvd.nist.gov/vuln/detail/CVE-2022-40897","setuptools","5.9","44.0.0-source","72.1.0","74.0.0","python:setuptools","2022A0000040897","False","","fix_update_to_version_nixpkgs","https://github.com/NixOS/nixpkgs/pull/331098" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-38663","https://nvd.nist.gov/vuln/detail/CVE-2022-38663","git","6.5","2.45.2","","","","2022A0000038663","True","Incorrect package: Impacts Jenkins git plugin, not git. Issue gets included to the report due to vulnix's design decision to avoid false negatives with the cost of false positives: https://github.com/nix-community/vulnix/blob/f56f3ac857626171b95e51d98cb6874278f789d3/src/vulnix/vulnerability.py#L90-L96.","err_missing_repology_version","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21-r1.cabal","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" "packages.x86_64-linux.lenovo-x1-carbon-gen11-debug","github:tiiuae/ghaf?ref=main","nix_unstable","CVE-2022-38164","https://nvd.nist.gov/vuln/detail/CVE-2022-38164","safe","6.5","0.3.21","0.3.21","0.3.21","haskell:safe","2022A0000038164","False","","err_not_vulnerable_based_on_repology","" diff --git a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md index f7da016..707a563 100644 --- a/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md +++ b/reports/main/packages.x86_64-linux.lenovo-x1-carbon-gen11-debug.md @@ -248,7 +248,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-28320](https://nvd.nist.gov/vuln/detail/CVE-2023-28320) | curl | 5.9 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* | | [CVE-2022-48566](https://nvd.nist.gov/vuln/detail/CVE-2022-48566) | python | 5.9 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [CVE-2022-43552](https://nvd.nist.gov/vuln/detail/CVE-2022-43552) | curl | 5.9 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/207158), [PR](https://github.com/NixOS/nixpkgs/pull/207162), [PR](https://github.com/NixOS/nixpkgs/pull/207165)]* | -| [CVE-2022-40897](https://nvd.nist.gov/vuln/detail/CVE-2022-40897) | setuptools | 5.9 | 44.0.0-source | 72.1.0 | 73.0.1 | *[[PR](https://github.com/NixOS/nixpkgs/pull/331098)]* | +| [CVE-2022-40897](https://nvd.nist.gov/vuln/detail/CVE-2022-40897) | setuptools | 5.9 | 44.0.0-source | 72.1.0 | 74.0.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/331098)]* | | [CVE-2021-23336](https://nvd.nist.gov/vuln/detail/CVE-2021-23336) | python | 5.9 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/117037), [PR](https://github.com/NixOS/nixpkgs/pull/117082), [PR](https://github.com/NixOS/nixpkgs/pull/118403)]* | | [CVE-2021-3572](https://nvd.nist.gov/vuln/detail/CVE-2021-3572) | pip | 5.7 | 20.3.4-source | 24.0 | 24.2 | | | [CVE-2024-24789](https://nvd.nist.gov/vuln/detail/CVE-2024-24789) | go | 5.5 | 1.21.0-linux-amd | 1.23.0 | 1.23.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/319485), [PR](https://github.com/NixOS/nixpkgs/pull/334447)]* | @@ -297,7 +297,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | | | [CVE-2021-41802](https://nvd.nist.gov/vuln/detail/CVE-2021-41802) | vault | 5.4 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | | | [CVE-2020-2136](https://nvd.nist.gov/vuln/detail/CVE-2020-2136) | git | 5.4 | 2.45.2 | 2.45.2 | 2.46.0 | *[[PR](https://github.com/NixOS/nixpkgs/pull/82872), [PR](https://github.com/NixOS/nixpkgs/pull/84664)]* | -| [CVE-2024-41957](https://nvd.nist.gov/vuln/detail/CVE-2024-41957) | vim | 5.3 | 9.1.0595 | 9.1.0595 | 9.1.0697 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | +| [CVE-2024-41957](https://nvd.nist.gov/vuln/detail/CVE-2024-41957) | vim | 5.3 | 9.1.0595 | 9.1.0595 | 9.1.0698 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | | [CVE-2023-40217](https://nvd.nist.gov/vuln/detail/CVE-2023-40217) | python | 5.3 | 2.7.18.8 | 3.13.0rc1 | 3.12.5 | | | [CVE-2023-7216](https://nvd.nist.gov/vuln/detail/CVE-2023-7216) | cpio | 5.3 | 2.15 | 2.15 | 2.15 | | | [CVE-2022-43410](https://nvd.nist.gov/vuln/detail/CVE-2022-43410) | mercurial | 5.3 | 6.8 | 6.8.1 | 6.8.1 | | @@ -317,8 +317,8 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2023-4039](https://nvd.nist.gov/vuln/detail/CVE-2023-4039) | gcc | 4.8 | 13.3.0 | 13.3.0 | 14.2.0 | | | [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5-r7.cabal | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | | [CVE-2023-25000](https://nvd.nist.gov/vuln/detail/CVE-2023-25000) | vault | 4.7 | 0.3.1.5 | 0.3.1.5 | 0.3.1.5 | *[[PR](https://github.com/NixOS/nixpkgs/pull/227692)]* | -| [CVE-2024-43790](https://nvd.nist.gov/vuln/detail/CVE-2024-43790) | vim | 4.5 | 9.1.0595 | 9.1.0595 | 9.1.0697 | | -| [CVE-2024-43374](https://nvd.nist.gov/vuln/detail/CVE-2024-43374) | vim | 4.5 | 9.1.0595 | 9.1.0595 | 9.1.0697 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | +| [CVE-2024-43790](https://nvd.nist.gov/vuln/detail/CVE-2024-43790) | vim | 4.5 | 9.1.0595 | 9.1.0595 | 9.1.0698 | | +| [CVE-2024-43374](https://nvd.nist.gov/vuln/detail/CVE-2024-43374) | vim | 4.5 | 9.1.0595 | 9.1.0595 | 9.1.0698 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | | [CVE-2022-28873](https://nvd.nist.gov/vuln/detail/CVE-2022-28873) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2022-28873](https://nvd.nist.gov/vuln/detail/CVE-2022-28873) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2022-28870](https://nvd.nist.gov/vuln/detail/CVE-2022-28870) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | @@ -332,7 +332,7 @@ Consider [whitelisting](../../manual_analysis.csv) possible false positives base | [CVE-2021-40834](https://nvd.nist.gov/vuln/detail/CVE-2021-40834) | safe | 4.3 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2021-40834](https://nvd.nist.gov/vuln/detail/CVE-2021-40834) | safe | 4.3 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2018-14628](https://nvd.nist.gov/vuln/detail/CVE-2018-14628) | samba | 4.3 | 4.20.1 | 4.20.4 | 4.20.4 | *[[PR](https://github.com/NixOS/nixpkgs/pull/270419)]* | -| [CVE-2024-41965](https://nvd.nist.gov/vuln/detail/CVE-2024-41965) | vim | 4.2 | 9.1.0595 | 9.1.0595 | 9.1.0697 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | +| [CVE-2024-41965](https://nvd.nist.gov/vuln/detail/CVE-2024-41965) | vim | 4.2 | 9.1.0595 | 9.1.0595 | 9.1.0698 | *[[PR](https://github.com/NixOS/nixpkgs/pull/335213), [PR](https://github.com/NixOS/nixpkgs/pull/335269)]* | | [CVE-2021-33596](https://nvd.nist.gov/vuln/detail/CVE-2021-33596) | safe | 4.1 | 0.3.21-r1.cabal | 0.3.21 | 0.3.21 | | | [CVE-2021-33596](https://nvd.nist.gov/vuln/detail/CVE-2021-33596) | safe | 4.1 | 0.3.21 | 0.3.21 | 0.3.21 | | | [CVE-2023-28322](https://nvd.nist.gov/vuln/detail/CVE-2023-28322) | curl | 3.7 | 0.4.46 | | | *[[PR](https://github.com/NixOS/nixpkgs/pull/232531), [PR](https://github.com/NixOS/nixpkgs/pull/232535)]* |