tiff + libssh2: Apply CVE fixes

Signed-off-by: Philippe Deslauriers <[email protected]>
sergio-chainguard · Dec 29, 2023 · 81b36d8 · 81b36d8
1 parent 1ca6962
commit 81b36d8
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 2 deletions.
diff --git a/libssh2.advisories.yaml b/libssh2.advisories.yaml
@@ -1,4 +1,4 @@
-schema-version: "2"
+schema-version: 2.0.2
 
 package:
   name: libssh2
@@ -13,3 +13,12 @@ advisories:
         data:
           type: component-vulnerability-mismatch
           note: This CVE pertains to a defect in an example program in libssh, not libssh2.
+
+  - id: CVE-2023-48795
+    aliases:
+      - GHSA-45x7-px36-x8w8
+    events:
+      - timestamp: 2023-12-29T17:46:44Z
+        type: fixed
+        data:
+          fixed-version: 1.11.0-r2
diff --git a/tiff.advisories.yaml b/tiff.advisories.yaml
@@ -1,4 +1,4 @@
-schema-version: 2.0.1
+schema-version: 2.0.2
 
 package:
   name: tiff
@@ -14,6 +14,15 @@ advisories:
           type: vulnerable-code-version-not-used
           note: This was fixed upstream sometime around the 4.0.7 release, prior to wolfi packaging. It was also deemed not a security issue, but it was fixed anyway.
 
+  - id: CVE-2023-6228
+    aliases:
+      - GHSA-4v5g-xjvw-59g6
+    events:
+      - timestamp: 2023-12-29T17:47:04Z
+        type: fixed
+        data:
+          fixed-version: 4.6.0-r2
+
   - id: CVE-2023-6277
     aliases:
       - GHSA-fq8g-55cp-756j