
Commit

chromium: File advisories for false-positives
Signed-off-by: Philippe Deslauriers <[email protected]>
pdeslaur committed Mar 3, 2024
1 parent 380e8d6 commit 485bcfe
Showing 1 changed file with 60 additions and 0 deletions.
60 changes: 60 additions & 0 deletions chromium.advisories.yaml
Expand Up @@ -20,6 +20,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:41:02Z
type: false-positive-determination
data:
type: vulnerability-record-analysis-contested
note: This vulnerability is a vague advisory and does not point to a real security issue.

- id: CVE-2009-1598
aliases:
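Review bot: the `note` on this `vulnerability-record-analysis-contested` entry asserts that the advisory is vague without saying what was checked or citing a source, unlike the later notes that link release posts. Suggest adding one sentence on what the record fails to specify, or a reference, so the determination can be re-verified when the scanner data changes.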
Expand All @@ -37,6 +42,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:44:05Z
type: false-positive-determination
data:
type: vulnerability-record-analysis-contested
note: The vulnerability does not include sufficient information. It looks like a disagreement around Adobe PDF Javascript restrictions instead of a real secuiry issue.

- id: CVE-2010-1731
aliases:
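Review bot: typo in the `note` for CVE-2009-1598: "secuiry" should be "security", and "Javascript" is normally written "JavaScript". Since the entry contests the record itself, it would also help to link the discussion the note alludes to ("a disagreement around Adobe PDF Javascript restrictions") so a reader can judge the call.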
Expand All @@ -54,6 +64,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:22:31Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: This vulnerability has been resolved around ~2010 and does't apply to the chromium version in Wolfi.

- id: CVE-2011-3389
aliases:
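Review bot: the `note` for CVE-2010-1731 is imprecise for a `vulnerable-code-version-not-used` determination: "resolved around ~2010" doubles the hedge and names no fixed version, and "does't" is a typo for "doesn't". Suggest stating the chromium version that carries the fix, as the CVE-2013-6647 note does ("fixed in chromium version 33. The first version in Wolfi is 122.").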
Expand All @@ -71,6 +86,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:29:03Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: 'This vulnerability (nickname "BEAST") was disclosed in 2012 and fixed in chromium version 15. You can find useful information about this vulnerability here: https://chromereleases.googleblog.com/2011/10/chrome-stable-release.html'

- id: CVE-2012-4929
aliases:
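Review bot: the `note` says BEAST "was disclosed in 2012", but the record is CVE-2011-3389 and the release post it links for the fix is dated 2011/10, so the year is inconsistent with the rest of the entry. Suggest correcting the year or dropping it, since the fixed version (15) is what supports `vulnerable-code-version-not-used`.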
Expand All @@ -88,6 +108,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:24:08Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: 'This vulnerability (nickname "CRIME") was disclosed in 2012. Chrome has not been affected since version 21. You can find useful information about this vulnerability here: https://www.imperialviolet.org/2012/09/21/crime.html'

- id: CVE-2012-4930
aliases:
Expand All @@ -105,6 +130,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T21:57:58Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: 'This vulnerability (nickname "CRIME") was disclosed in 2012. Chrome has not been affected since version 21. You can find useful information about this vulnerability here: https://www.imperialviolet.org/2012/09/21/crime.html'

- id: CVE-2013-6647
aliases:
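Review bot: the `note` for CVE-2012-4930 is word-for-word the same as the one filed for CVE-2012-4929, so the file does not say how the two records relate. Suggest either stating what this record covers that the other does not, or cross-referencing it the way the CVE-2016-7153 note does ("Note that this vulnerability is a duplicate of CVE-2016-7152").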
Expand All @@ -122,6 +152,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:38:41Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: This vulnerability was fixed in chromium version 33. The first version in Wolfi is 122.

- id: CVE-2013-6662
aliases:
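Review bot: the `note` for CVE-2013-6647 gives the fixed version (33) but no source for it, while the BEAST, CRIME and CVE-2018-10229 notes each link one. Suggest adding the release post or bug reference that establishes version 33; the same applies to the identical note on CVE-2013-6662.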
Expand All @@ -139,6 +174,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:18:13Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: This vulnerability was fixed in chromium version 33. The first version in Wolfi is 122.

- id: CVE-2015-4000
aliases:
Expand All @@ -156,6 +196,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:34:13Z
type: false-positive-determination
data:
type: inline-mitigations-exist
note: 'This vulnerability (nickname "Logjam") was disclosed in 2015. You can read the chromium team response here: https://groups.google.com/a/chromium.org/g/security-dev/c/WyGIpevBV1s/m/68W-VMOoxqkJ. Chromium recognizes this vulnerability as a server configuration issue. Chrome increased the minimum DH size to 1024 bits in version 45. You can find useful information about this vulnerability here: https://weakdh.org/'

- id: CVE-2016-7152
aliases:
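Review bot: the determination type is `inline-mitigations-exist`, but the only mitigation the `note` names, the minimum DH size of 1024 bits from version 45, is buried between two links. Suggest leading with that sentence, and moving the sentence-ending period away from the groups.google.com URL so the link is not copied with a trailing dot.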
Expand All @@ -173,6 +218,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:12:32Z
type: false-positive-determination
data:
type: component-vulnerability-mismatch
note: This vulnerability applies to the HTTPS protocol and not specifically chromium. This vulnerability (nickname "HEIST") was disclosed in 2016.

- id: CVE-2016-7153
aliases:
Expand All @@ -190,6 +240,11 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:15:27Z
type: false-positive-determination
data:
type: component-vulnerability-mismatch
note: This vulnerability applies to the HTTPS protocol and not specifically chromium. This vulnerability (nickname "HEIST") was disclosed in 2016. Note that this vulnerability is a duplicate of CVE-2016-7152

- id: CVE-2018-10229
aliases:
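Review bot: the `note` for CVE-2016-7153 ends without a period after "CVE-2016-7152", and it repeats the CVE-2016-7152 note before getting to the only new fact, that this record is a duplicate. Suggest opening with the duplicate statement and then giving the `component-vulnerability-mismatch` rationale once.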
Expand All @@ -207,3 +262,8 @@ advisories:
componentType: apk
componentLocation: /.PKGINFO
scanner: grype
- timestamp: 2024-03-03T22:04:57Z
type: false-positive-determination
data:
type: vulnerable-code-version-not-used
note: 'The Chromium project fixed this vulnerability in version 65: https://www.chromium.org/chromium-os/glitch-vulnerability-status/'
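Review bot: style point on the last `note`: it writes "Chromium" capitalised and omits the vulnerability nickname, while the other notes in this commit write "chromium" in lower case and give a nickname ("BEAST", "CRIME", "Logjam", "HEIST"). Suggest picking one capitalisation across the file and adding the nickname here if there is one, as the linked page name (glitch-vulnerability-status) suggests.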
