nixpkgs-update/CVENOTES.org at b4b5a6e7ad8ead1f750ac881746269707d751629

ryantm/nixpkgs-update

Fork 0

mirror of https://github.com/ryantm/nixpkgs-update.git synced 2024-09-20 02:07:32 +03:00

Ryan Mulligan bb67484804 update CVE notes

2019-10-12 07:34:52 -07:00

1.1 KiB

Raw Blame History

uzbl: 0.9.0 -> 0.9.1
terraform: 0.12.7 -> 0.12.9
tor: 0.4.1.5 -> 0.4.1.6
arena: 1.1 -> 1.06

uzbl: 0.9.0 -> 0.9.1

[CVE-2010-0011](https://nvd.nist.gov/vuln/detail/CVE-2010-0011)
[CVE-2010-2809](https://nvd.nist.gov/vuln/detail/CVE-2010-2809)

Both CVEs refer to matchers that are date based releases, but the author of the library switched to normal version numbering after that, so these CVEs are reported as relevant even though they are not.

terraform: 0.12.7 -> 0.12.9

[CVE-2018-9057](https://nvd.nist.gov/vuln/detail/CVE-2018-9057)

https://nvd.nist.gov/products/cpe/detail/492339?keyword=cpe:2.3🅰️hashicorp:terraform:1.12.0:*:*:*:*:aws:*:*&status=FINAL,DEPRECATED&orderBy=CPEURI&namingFormat=2.3

CVE only applies to terraform-providers-aws, but you can only tell that by looking at the "Target Software" part.

tor: 0.4.1.5 -> 0.4.1.6

https://nvd.nist.gov/vuln/detail/CVE-2017-16541

the CPE mistakenly uses tor for the product id when the product id should be torbrowser

arena: 1.1 -> 1.06

[CVE-2018-8843](https://nvd.nist.gov/vuln/detail/CVE-2018-8843)
[CVE-2019-15567](https://nvd.nist.gov/vuln/detail/CVE-2019-15567)

Not rockwellautomation:arena Not openforis:arena

1.1 KiB Raw Blame History

uzbl: 0.9.0 -> 0.9.1

terraform: 0.12.7 -> 0.12.9

tor: 0.4.1.5 -> 0.4.1.6

arena: 1.1 -> 1.06

1.1 KiB

Raw Blame History