ryantm/nixpkgs-update
1
1
Fork 0
mirror of https://github.com/ryantm/nixpkgs-update.git synced 2024-12-12 11:28:23 +03:00
Code Issues Packages Projects Releases Wiki Activity

add notes researching CVE failed matches

Browse Source
This commit is contained in:
Ryan Mulligan 2019-10-06 16:16:31 -07:00
parent 990afa0319
commit 303aed0afc
1 changed files with 18 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
CVENOTES.org Normal file
View File

@ -0,0 +1,18 @@
* uzbl: 0.9.0 -> 0.9.1
- [CVE-2010-0011](https://nvd.nist.gov/vuln/detail/CVE-2010-0011)
- [CVE-2010-2809](https://nvd.nist.gov/vuln/detail/CVE-2010-2809)
Both CVEs refer to matchers that are date based releases, but the
author of the library switched to normal version numbering after
that, so these CVEs are reported as relevant even though they are
not.
* terraform: 0.12.7 -> 0.12.9
- [CVE-2018-9057](https://nvd.nist.gov/vuln/detail/CVE-2018-9057)
https://nvd.nist.gov/products/cpe/detail/492339?keyword=cpe:2.3:a:hashicorp:terraform:1.12.0:*:*:*:*:aws:*:*&status=FINAL,DEPRECATED&orderBy=CPEURI&namingFormat=2.3
CVE only applies to terraform-providers-aws, but you can only tell that by looking at the "Target Software" part.
* tor: 0.4.1.5 -> 0.4.1.6
https://nvd.nist.gov/vuln/detail/CVE-2017-16541
the CPE mistakenly uses tor for the product id when the product id should be torbrowser