Backfill aliases, add prometheus advisories

Signed-off-by: Philippe Deslauriers <[email protected]>

byobu.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: byobu
 
 advisories:
   - id: CVE-2019-7306
+    aliases:
+      - GHSA-2rpx-jj49-wf29
     events:
       - timestamp: 2023-11-22T16:36:03Z
         type: false-positive-determination

certificate-transparency.advisories.yaml

@@ -1,9 +1,19 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: certificate-transparency
 
 advisories:
+  - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
+    events:
+      - timestamp: 2023-12-17T17:35:38Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version.
+
   - id: CVE-2023-44487
     aliases:
       - GHSA-qppj-fm5r-hxr3

cloud-sql-proxy.advisories.yaml

@@ -1,9 +1,19 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: cloud-sql-proxy
 
 advisories:
+  - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
+    events:
+      - timestamp: 2023-12-17T17:35:41Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version.
+
   - id: CVE-2023-39325
     aliases:
       - GHSA-4374-p667-p6c8

gatekeeper-3.12.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: gatekeeper-3.12
 
 advisories:
   - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
     events:
       - timestamp: 2023-08-30T19:52:44Z
         type: false-positive-determination

gatekeeper-3.13.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: gatekeeper-3.13
 
 advisories:
   - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
     events:
       - timestamp: 2023-08-30T19:53:46Z
         type: false-positive-determination

gatekeeper-3.14.advisories.yaml

@@ -1,9 +1,19 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: gatekeeper-3.14
 
 advisories:
+  - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
+    events:
+      - timestamp: 2023-12-17T17:35:48Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version.
+
   - id: CVE-2023-44487
     aliases:
       - GHSA-m425-mq94-257g

istio-operator-1.19.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: istio-operator-1.19
 
 advisories:
   - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
     events:
       - timestamp: 2023-09-25T20:27:23Z
         type: false-positive-determination

istio-operator-1.20.advisories.yaml

@@ -0,0 +1,15 @@
+schema-version: 2.0.2
+
+package:
+  name: istio-operator-1.20
+
+advisories:
+  - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
+    events:
+      - timestamp: 2023-12-17T17:35:54Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version.

istio-pilot-agent-1.18.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: istio-pilot-agent-1.18
 
 advisories:
   - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
     events:
       - timestamp: 2023-09-15T13:54:14Z
         type: false-positive-determination

istio-pilot-agent-1.19.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: istio-pilot-agent-1.19
 
 advisories:
   - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
     events:
       - timestamp: 2023-10-01T16:44:14Z
         type: false-positive-determination

istio-pilot-agent-1.20.advisories.yaml

@@ -0,0 +1,15 @@
+schema-version: 2.0.2
+
+package:
+  name: istio-pilot-agent-1.20
+
+advisories:
+  - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
+    events:
+      - timestamp: 2023-12-17T17:35:59Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version.

istio-pilot-discovery-1.19.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: istio-pilot-discovery-1.19
 
 advisories:
   - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
     events:
       - timestamp: 2023-09-15T13:54:14Z
         type: false-positive-determination

istio-pilot-discovery-1.20.advisories.yaml

@@ -1,9 +1,19 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: istio-pilot-discovery-1.20
 
 advisories:
+  - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
+    events:
+      - timestamp: 2023-12-17T17:36:05Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-version-not-used
+          note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version.
+
   - id: GHSA-2c7c-3mj9-8fqh
     events:
       - timestamp: 2023-12-08T19:38:41Z

loki.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: loki
 
 advisories:
   - id: CVE-2019-3826
+    aliases:
+      - GHSA-3m87-5598-2v4f
     events:
       - timestamp: 2023-09-02T01:06:18Z
         type: false-positive-determination

nodejs-16.advisories.yaml

@@ -1,24 +1,30 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: nodejs-16
 
 advisories:
   - id: CVE-2023-30581
+    aliases:
+      - GHSA-86v4-9wq7-fx97
     events:
       - timestamp: 2023-06-20T17:11:00Z
         type: fixed
         data:
           fixed-version: 16.20.1-r0
 
   - id: CVE-2023-30585
+    aliases:
+      - GHSA-4r2r-cf85-vmc7
     events:
       - timestamp: 2023-06-20T17:11:00Z
         type: fixed
         data:
           fixed-version: 16.20.1-r0
 
   - id: CVE-2023-30588
+    aliases:
+      - GHSA-g526-x7vj-cfv6
     events:
       - timestamp: 2023-06-20T17:11:00Z
         type: fixed
@@ -35,6 +41,8 @@ advisories:
           fixed-version: 16.20.1-r0
 
   - id: CVE-2023-30590
+    aliases:
+      - GHSA-v63h-9gvh-2x49
     events:
       - timestamp: 2023-06-20T17:11:00Z
         type: fixed

nodejs-18.advisories.yaml

@@ -1,24 +1,30 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: nodejs-18
 
 advisories:
   - id: CVE-2023-30581
+    aliases:
+      - GHSA-86v4-9wq7-fx97
     events:
       - timestamp: 2023-06-20T19:07:00Z
         type: fixed
         data:
           fixed-version: 18.16.1-r0
 
   - id: CVE-2023-30585
+    aliases:
+      - GHSA-4r2r-cf85-vmc7
     events:
       - timestamp: 2023-06-20T19:07:00Z
         type: fixed
         data:
           fixed-version: 18.16.1-r0
 
   - id: CVE-2023-30588
+    aliases:
+      - GHSA-g526-x7vj-cfv6
     events:
       - timestamp: 2023-06-20T19:07:00Z
         type: fixed
@@ -35,6 +41,8 @@ advisories:
           fixed-version: 18.16.1-r0
 
   - id: CVE-2023-30590
+    aliases:
+      - GHSA-v63h-9gvh-2x49
     events:
       - timestamp: 2023-06-20T19:07:00Z
         type: fixed

nodejs-20.advisories.yaml

@@ -1,10 +1,12 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: nodejs-20
 
 advisories:
   - id: CVE-2023-30581
+    aliases:
+      - GHSA-86v4-9wq7-fx97
     events:
       - timestamp: 2023-06-20T19:07:00Z
         type: fixed
@@ -33,6 +35,8 @@ advisories:
           fixed-version: 20.3.1-r0
 
   - id: CVE-2023-30585
+    aliases:
+      - GHSA-4r2r-cf85-vmc7
     events:
       - timestamp: 2023-06-20T19:07:00Z
         type: fixed
@@ -56,6 +60,8 @@ advisories:
           fixed-version: 20.3.1-r0
 
   - id: CVE-2023-30588
+    aliases:
+      - GHSA-g526-x7vj-cfv6
     events:
       - timestamp: 2023-06-20T19:07:00Z
         type: fixed
@@ -72,6 +78,8 @@ advisories:
           fixed-version: 20.3.1-r0
 
   - id: CVE-2023-30590
+    aliases:
+      - GHSA-v63h-9gvh-2x49
     events:
       - timestamp: 2023-06-20T19:07:00Z
         type: fixed

postgresql-11.advisories.yaml

@@ -1,4 +1,4 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: postgresql-11
@@ -15,20 +15,26 @@ advisories:
           note: This CVE appears to impact only Debian/Ubuntu.
 
   - id: CVE-2023-5868
+    aliases:
+      - GHSA-3f9w-7983-qcmq
     events:
       - timestamp: 2023-11-09T14:51:03Z
         type: fixed
         data:
           fixed-version: 11.22-r0
 
   - id: CVE-2023-5869
+    aliases:
+      - GHSA-9625-p7pg-3cxg
     events:
       - timestamp: 2023-11-09T14:54:14Z
         type: fixed
         data:
           fixed-version: 11.22-r0
 
   - id: CVE-2023-5870
+    aliases:
+      - GHSA-5gp7-j4r7-g66f
     events:
       - timestamp: 2023-11-09T14:59:29Z
         type: fixed