From 2beacf824727cbaf3fba501d6b21f435fb5d5208 Mon Sep 17 00:00:00 2001 From: Philippe Deslauriers Date: Sun, 17 Dec 2023 09:47:40 -0800 Subject: [PATCH] Backfill aliases, add prometheus advisories Signed-off-by: Philippe Deslauriers --- byobu.advisories.yaml | 4 +++- certificate-transparency.advisories.yaml | 12 +++++++++++- cloud-sql-proxy.advisories.yaml | 12 +++++++++++- gatekeeper-3.12.advisories.yaml | 4 +++- gatekeeper-3.13.advisories.yaml | 4 +++- gatekeeper-3.14.advisories.yaml | 12 +++++++++++- istio-operator-1.19.advisories.yaml | 4 +++- istio-operator-1.20.advisories.yaml | 15 +++++++++++++++ istio-pilot-agent-1.18.advisories.yaml | 4 +++- istio-pilot-agent-1.19.advisories.yaml | 4 +++- istio-pilot-agent-1.20.advisories.yaml | 15 +++++++++++++++ istio-pilot-discovery-1.19.advisories.yaml | 4 +++- istio-pilot-discovery-1.20.advisories.yaml | 12 +++++++++++- loki.advisories.yaml | 4 +++- nodejs-16.advisories.yaml | 10 +++++++++- nodejs-18.advisories.yaml | 10 +++++++++- nodejs-20.advisories.yaml | 10 +++++++++- postgresql-11.advisories.yaml | 8 +++++++- postgresql-12.advisories.yaml | 8 +++++++- postgresql-13.advisories.yaml | 8 +++++++- postgresql-14.advisories.yaml | 8 +++++++- postgresql-15.advisories.yaml | 8 +++++++- postgresql-16.advisories.yaml | 8 +++++++- prometheus-operator.advisories.yaml | 4 +++- telegraf-1.26.advisories.yaml | 4 +++- telegraf-1.27.advisories.yaml | 4 +++- telegraf-1.29.advisories.yaml | 15 +++++++++++++++ thanos-0.31.advisories.yaml | 4 +++- thanos-0.32.advisories.yaml | 4 +++- traefik.advisories.yaml | 8 +++++++- trillian.advisories.yaml | 4 +++- 31 files changed, 207 insertions(+), 28 deletions(-) create mode 100644 istio-operator-1.20.advisories.yaml create mode 100644 istio-pilot-agent-1.20.advisories.yaml create mode 100644 telegraf-1.29.advisories.yaml diff --git a/byobu.advisories.yaml b/byobu.advisories.yaml index 87683fff80..c8e4a7b2b9 100644 --- a/byobu.advisories.yaml +++ b/byobu.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: byobu advisories: - id: CVE-2019-7306 + aliases: + - GHSA-2rpx-jj49-wf29 events: - timestamp: 2023-11-22T16:36:03Z type: false-positive-determination diff --git a/certificate-transparency.advisories.yaml b/certificate-transparency.advisories.yaml index d0188e264e..2034742158 100644 --- a/certificate-transparency.advisories.yaml +++ b/certificate-transparency.advisories.yaml @@ -1,9 +1,19 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: certificate-transparency advisories: + - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f + events: + - timestamp: 2023-12-17T17:35:38Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version. + - id: CVE-2023-44487 aliases: - GHSA-qppj-fm5r-hxr3 diff --git a/cloud-sql-proxy.advisories.yaml b/cloud-sql-proxy.advisories.yaml index 287ea48ab5..3cff4d9709 100644 --- a/cloud-sql-proxy.advisories.yaml +++ b/cloud-sql-proxy.advisories.yaml @@ -1,9 +1,19 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: cloud-sql-proxy advisories: + - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f + events: + - timestamp: 2023-12-17T17:35:41Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version. + - id: CVE-2023-39325 aliases: - GHSA-4374-p667-p6c8 diff --git a/gatekeeper-3.12.advisories.yaml b/gatekeeper-3.12.advisories.yaml index 0d519a5277..e22d51d7c0 100644 --- a/gatekeeper-3.12.advisories.yaml +++ b/gatekeeper-3.12.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: gatekeeper-3.12 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-08-30T19:52:44Z type: false-positive-determination diff --git a/gatekeeper-3.13.advisories.yaml b/gatekeeper-3.13.advisories.yaml index 45b796bacf..cd4afb3603 100644 --- a/gatekeeper-3.13.advisories.yaml +++ b/gatekeeper-3.13.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: gatekeeper-3.13 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-08-30T19:53:46Z type: false-positive-determination diff --git a/gatekeeper-3.14.advisories.yaml b/gatekeeper-3.14.advisories.yaml index d6b370e334..f1a27571e0 100644 --- a/gatekeeper-3.14.advisories.yaml +++ b/gatekeeper-3.14.advisories.yaml @@ -1,9 +1,19 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: gatekeeper-3.14 advisories: + - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f + events: + - timestamp: 2023-12-17T17:35:48Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version. + - id: CVE-2023-44487 aliases: - GHSA-m425-mq94-257g diff --git a/istio-operator-1.19.advisories.yaml b/istio-operator-1.19.advisories.yaml index 13f1586c9f..49d26ece32 100644 --- a/istio-operator-1.19.advisories.yaml +++ b/istio-operator-1.19.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: istio-operator-1.19 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-09-25T20:27:23Z type: false-positive-determination diff --git a/istio-operator-1.20.advisories.yaml b/istio-operator-1.20.advisories.yaml new file mode 100644 index 0000000000..b875d08554 --- /dev/null +++ b/istio-operator-1.20.advisories.yaml @@ -0,0 +1,15 @@ +schema-version: 2.0.2 + +package: + name: istio-operator-1.20 + +advisories: + - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f + events: + - timestamp: 2023-12-17T17:35:54Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version. diff --git a/istio-pilot-agent-1.18.advisories.yaml b/istio-pilot-agent-1.18.advisories.yaml index bbe2d079a7..fbb048334c 100644 --- a/istio-pilot-agent-1.18.advisories.yaml +++ b/istio-pilot-agent-1.18.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: istio-pilot-agent-1.18 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-09-15T13:54:14Z type: false-positive-determination diff --git a/istio-pilot-agent-1.19.advisories.yaml b/istio-pilot-agent-1.19.advisories.yaml index faadf558eb..ff56a434b8 100644 --- a/istio-pilot-agent-1.19.advisories.yaml +++ b/istio-pilot-agent-1.19.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: istio-pilot-agent-1.19 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-10-01T16:44:14Z type: false-positive-determination diff --git a/istio-pilot-agent-1.20.advisories.yaml b/istio-pilot-agent-1.20.advisories.yaml new file mode 100644 index 0000000000..97c5ddca18 --- /dev/null +++ b/istio-pilot-agent-1.20.advisories.yaml @@ -0,0 +1,15 @@ +schema-version: 2.0.2 + +package: + name: istio-pilot-agent-1.20 + +advisories: + - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f + events: + - timestamp: 2023-12-17T17:35:59Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version. diff --git a/istio-pilot-discovery-1.19.advisories.yaml b/istio-pilot-discovery-1.19.advisories.yaml index 2c82fd472d..471ee7aa96 100644 --- a/istio-pilot-discovery-1.19.advisories.yaml +++ b/istio-pilot-discovery-1.19.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: istio-pilot-discovery-1.19 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-09-15T13:54:14Z type: false-positive-determination diff --git a/istio-pilot-discovery-1.20.advisories.yaml b/istio-pilot-discovery-1.20.advisories.yaml index 41dd0528b3..f94bc973eb 100644 --- a/istio-pilot-discovery-1.20.advisories.yaml +++ b/istio-pilot-discovery-1.20.advisories.yaml @@ -1,9 +1,19 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: istio-pilot-discovery-1.20 advisories: + - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f + events: + - timestamp: 2023-12-17T17:36:05Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version. + - id: GHSA-2c7c-3mj9-8fqh events: - timestamp: 2023-12-08T19:38:41Z diff --git a/loki.advisories.yaml b/loki.advisories.yaml index 0bec3399d7..11f902b690 100644 --- a/loki.advisories.yaml +++ b/loki.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: loki advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-09-02T01:06:18Z type: false-positive-determination diff --git a/nodejs-16.advisories.yaml b/nodejs-16.advisories.yaml index 2b37dc1519..08ff6d75b0 100644 --- a/nodejs-16.advisories.yaml +++ b/nodejs-16.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: nodejs-16 advisories: - id: CVE-2023-30581 + aliases: + - GHSA-86v4-9wq7-fx97 events: - timestamp: 2023-06-20T17:11:00Z type: fixed @@ -12,6 +14,8 @@ advisories: fixed-version: 16.20.1-r0 - id: CVE-2023-30585 + aliases: + - GHSA-4r2r-cf85-vmc7 events: - timestamp: 2023-06-20T17:11:00Z type: fixed @@ -19,6 +23,8 @@ advisories: fixed-version: 16.20.1-r0 - id: CVE-2023-30588 + aliases: + - GHSA-g526-x7vj-cfv6 events: - timestamp: 2023-06-20T17:11:00Z type: fixed @@ -35,6 +41,8 @@ advisories: fixed-version: 16.20.1-r0 - id: CVE-2023-30590 + aliases: + - GHSA-v63h-9gvh-2x49 events: - timestamp: 2023-06-20T17:11:00Z type: fixed diff --git a/nodejs-18.advisories.yaml b/nodejs-18.advisories.yaml index 0ae5bef8d0..fb8496ce38 100644 --- a/nodejs-18.advisories.yaml +++ b/nodejs-18.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: nodejs-18 advisories: - id: CVE-2023-30581 + aliases: + - GHSA-86v4-9wq7-fx97 events: - timestamp: 2023-06-20T19:07:00Z type: fixed @@ -12,6 +14,8 @@ advisories: fixed-version: 18.16.1-r0 - id: CVE-2023-30585 + aliases: + - GHSA-4r2r-cf85-vmc7 events: - timestamp: 2023-06-20T19:07:00Z type: fixed @@ -19,6 +23,8 @@ advisories: fixed-version: 18.16.1-r0 - id: CVE-2023-30588 + aliases: + - GHSA-g526-x7vj-cfv6 events: - timestamp: 2023-06-20T19:07:00Z type: fixed @@ -35,6 +41,8 @@ advisories: fixed-version: 18.16.1-r0 - id: CVE-2023-30590 + aliases: + - GHSA-v63h-9gvh-2x49 events: - timestamp: 2023-06-20T19:07:00Z type: fixed diff --git a/nodejs-20.advisories.yaml b/nodejs-20.advisories.yaml index 6b18495814..d10ba94055 100644 --- a/nodejs-20.advisories.yaml +++ b/nodejs-20.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: nodejs-20 advisories: - id: CVE-2023-30581 + aliases: + - GHSA-86v4-9wq7-fx97 events: - timestamp: 2023-06-20T19:07:00Z type: fixed @@ -33,6 +35,8 @@ advisories: fixed-version: 20.3.1-r0 - id: CVE-2023-30585 + aliases: + - GHSA-4r2r-cf85-vmc7 events: - timestamp: 2023-06-20T19:07:00Z type: fixed @@ -56,6 +60,8 @@ advisories: fixed-version: 20.3.1-r0 - id: CVE-2023-30588 + aliases: + - GHSA-g526-x7vj-cfv6 events: - timestamp: 2023-06-20T19:07:00Z type: fixed @@ -72,6 +78,8 @@ advisories: fixed-version: 20.3.1-r0 - id: CVE-2023-30590 + aliases: + - GHSA-v63h-9gvh-2x49 events: - timestamp: 2023-06-20T19:07:00Z type: fixed diff --git a/postgresql-11.advisories.yaml b/postgresql-11.advisories.yaml index 4ce294b9e7..3a182d9f61 100644 --- a/postgresql-11.advisories.yaml +++ b/postgresql-11.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: postgresql-11 @@ -15,6 +15,8 @@ advisories: note: This CVE appears to impact only Debian/Ubuntu. - id: CVE-2023-5868 + aliases: + - GHSA-3f9w-7983-qcmq events: - timestamp: 2023-11-09T14:51:03Z type: fixed @@ -22,6 +24,8 @@ advisories: fixed-version: 11.22-r0 - id: CVE-2023-5869 + aliases: + - GHSA-9625-p7pg-3cxg events: - timestamp: 2023-11-09T14:54:14Z type: fixed @@ -29,6 +33,8 @@ advisories: fixed-version: 11.22-r0 - id: CVE-2023-5870 + aliases: + - GHSA-5gp7-j4r7-g66f events: - timestamp: 2023-11-09T14:59:29Z type: fixed diff --git a/postgresql-12.advisories.yaml b/postgresql-12.advisories.yaml index a93409a938..09374f4bfd 100644 --- a/postgresql-12.advisories.yaml +++ b/postgresql-12.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: postgresql-12 @@ -25,6 +25,8 @@ advisories: note: Sanity dictates (and the maintainers agree) that this is neither a vulnerability nor a bug. https://www.postgresql.org/about/news/cve-2020-21469-is-not-a-security-vulnerability-2701/ - id: CVE-2023-5868 + aliases: + - GHSA-3f9w-7983-qcmq events: - timestamp: 2023-11-09T14:52:27Z type: fixed @@ -32,6 +34,8 @@ advisories: fixed-version: 12.17-r0 - id: CVE-2023-5869 + aliases: + - GHSA-9625-p7pg-3cxg events: - timestamp: 2023-11-09T14:58:31Z type: fixed @@ -39,6 +43,8 @@ advisories: fixed-version: 12.17-r0 - id: CVE-2023-5870 + aliases: + - GHSA-5gp7-j4r7-g66f events: - timestamp: 2023-11-09T14:59:34Z type: fixed diff --git a/postgresql-13.advisories.yaml b/postgresql-13.advisories.yaml index 4ba5460ae5..e38978a39a 100644 --- a/postgresql-13.advisories.yaml +++ b/postgresql-13.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: postgresql-13 @@ -15,6 +15,8 @@ advisories: note: This CVE appears to impact only Debian/Ubuntu. - id: CVE-2023-5868 + aliases: + - GHSA-3f9w-7983-qcmq events: - timestamp: 2023-11-09T14:53:12Z type: fixed @@ -22,6 +24,8 @@ advisories: fixed-version: 13.13-r0 - id: CVE-2023-5869 + aliases: + - GHSA-9625-p7pg-3cxg events: - timestamp: 2023-11-09T14:58:42Z type: fixed @@ -29,6 +33,8 @@ advisories: fixed-version: 13.13-r0 - id: CVE-2023-5870 + aliases: + - GHSA-5gp7-j4r7-g66f events: - timestamp: 2023-11-09T14:59:40Z type: fixed diff --git a/postgresql-14.advisories.yaml b/postgresql-14.advisories.yaml index 3ba8e6b2e8..eab5b0589e 100644 --- a/postgresql-14.advisories.yaml +++ b/postgresql-14.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: postgresql-14 @@ -15,6 +15,8 @@ advisories: note: This CVE appears to impact only Debian/Ubuntu. - id: CVE-2023-5868 + aliases: + - GHSA-3f9w-7983-qcmq events: - timestamp: 2023-11-09T14:53:24Z type: fixed @@ -22,6 +24,8 @@ advisories: fixed-version: 14.10-r0 - id: CVE-2023-5869 + aliases: + - GHSA-9625-p7pg-3cxg events: - timestamp: 2023-11-09T14:58:54Z type: fixed @@ -29,6 +33,8 @@ advisories: fixed-version: 14.10-r0 - id: CVE-2023-5870 + aliases: + - GHSA-5gp7-j4r7-g66f events: - timestamp: 2023-11-09T14:59:47Z type: fixed diff --git a/postgresql-15.advisories.yaml b/postgresql-15.advisories.yaml index 15b4af3013..5c0210bffe 100644 --- a/postgresql-15.advisories.yaml +++ b/postgresql-15.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: postgresql-15 @@ -24,6 +24,8 @@ advisories: fixed-version: 15.2-r0 - id: CVE-2023-5868 + aliases: + - GHSA-3f9w-7983-qcmq events: - timestamp: 2023-11-09T14:53:37Z type: fixed @@ -31,6 +33,8 @@ advisories: fixed-version: 15.5-r0 - id: CVE-2023-5869 + aliases: + - GHSA-9625-p7pg-3cxg events: - timestamp: 2023-11-09T14:59:03Z type: fixed @@ -38,6 +42,8 @@ advisories: fixed-version: 15.5-r0 - id: CVE-2023-5870 + aliases: + - GHSA-5gp7-j4r7-g66f events: - timestamp: 2023-11-09T14:59:53Z type: fixed diff --git a/postgresql-16.advisories.yaml b/postgresql-16.advisories.yaml index ae2ec58f4c..806cf5fb61 100644 --- a/postgresql-16.advisories.yaml +++ b/postgresql-16.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: postgresql-16 @@ -15,6 +15,8 @@ advisories: note: This CVE appears to impact only Debian/Ubuntu. - id: CVE-2023-5868 + aliases: + - GHSA-3f9w-7983-qcmq events: - timestamp: 2023-11-09T14:53:52Z type: fixed @@ -22,6 +24,8 @@ advisories: fixed-version: 16.1-r0 - id: CVE-2023-5869 + aliases: + - GHSA-9625-p7pg-3cxg events: - timestamp: 2023-11-09T14:59:14Z type: fixed @@ -29,6 +33,8 @@ advisories: fixed-version: 16.1-r0 - id: CVE-2023-5870 + aliases: + - GHSA-5gp7-j4r7-g66f events: - timestamp: 2023-11-09T15:00:02Z type: fixed diff --git a/prometheus-operator.advisories.yaml b/prometheus-operator.advisories.yaml index 41647d4abb..762ab71ede 100644 --- a/prometheus-operator.advisories.yaml +++ b/prometheus-operator.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: prometheus-operator advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-08-11T21:13:07Z type: false-positive-determination diff --git a/telegraf-1.26.advisories.yaml b/telegraf-1.26.advisories.yaml index a672038e8e..7079b7213f 100644 --- a/telegraf-1.26.advisories.yaml +++ b/telegraf-1.26.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: telegraf-1.26 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-08-25T22:09:21Z type: false-positive-determination diff --git a/telegraf-1.27.advisories.yaml b/telegraf-1.27.advisories.yaml index e41a7fb9cb..bf3e0efa51 100644 --- a/telegraf-1.27.advisories.yaml +++ b/telegraf-1.27.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: telegraf-1.27 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-08-25T22:09:52Z type: false-positive-determination diff --git a/telegraf-1.29.advisories.yaml b/telegraf-1.29.advisories.yaml new file mode 100644 index 0000000000..b03e444907 --- /dev/null +++ b/telegraf-1.29.advisories.yaml @@ -0,0 +1,15 @@ +schema-version: 2.0.2 + +package: + name: telegraf-1.29 + +advisories: + - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f + events: + - timestamp: 2023-12-17T17:36:20Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version. diff --git a/thanos-0.31.advisories.yaml b/thanos-0.31.advisories.yaml index 058744badf..ea64ccb1c2 100644 --- a/thanos-0.31.advisories.yaml +++ b/thanos-0.31.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: thanos-0.31 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-08-30T21:45:02Z type: false-positive-determination diff --git a/thanos-0.32.advisories.yaml b/thanos-0.32.advisories.yaml index 66d85aa194..cfe1216e44 100644 --- a/thanos-0.32.advisories.yaml +++ b/thanos-0.32.advisories.yaml @@ -1,10 +1,12 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: thanos-0.32 advisories: - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-08-30T21:45:02Z type: false-positive-determination diff --git a/traefik.advisories.yaml b/traefik.advisories.yaml index ffb2a4eb06..ce49833898 100644 --- a/traefik.advisories.yaml +++ b/traefik.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: traefik @@ -79,6 +79,8 @@ advisories: note: Only affects Windows - id: CVE-2023-47106 + aliases: + - GHSA-fvhj-4qfh-q2hm events: - timestamp: 2023-12-04T21:24:39Z type: fixed @@ -86,6 +88,8 @@ advisories: fixed-version: 2.10.6-r0 - id: CVE-2023-47124 + aliases: + - GHSA-8g85-whqh-cr2f events: - timestamp: 2023-12-04T21:24:09Z type: fixed @@ -93,6 +97,8 @@ advisories: fixed-version: 2.10.6-r0 - id: CVE-2023-47633 + aliases: + - GHSA-6fwg-jrfw-ff7p events: - timestamp: 2023-12-04T21:24:28Z type: fixed diff --git a/trillian.advisories.yaml b/trillian.advisories.yaml index 9fd66e29e3..1fcffd6f52 100644 --- a/trillian.advisories.yaml +++ b/trillian.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: trillian @@ -56,6 +56,8 @@ advisories: note: CVE refers to the instant messaging platform called 'Trillian'. - id: CVE-2019-3826 + aliases: + - GHSA-3m87-5598-2v4f events: - timestamp: 2023-10-01T16:46:09Z type: false-positive-determination