feat(wrlinux): Add Wind River Linux vulnerability data (aquasecurity#177
) Signed-off-by: Sakib Sajal <[email protected]>
Showing
10 changed files
with
629 additions
and
2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -35,12 +35,20 @@ import ( | |
"github.com/aquasecurity/vuln-list-update/ubuntu" | ||
"github.com/aquasecurity/vuln-list-update/utils" | ||
"github.com/aquasecurity/vuln-list-update/wolfi" | ||
"github.com/aquasecurity/vuln-list-update/wrlinux" | ||
) | ||
|
||
const ( | ||
repoURL = "https://%[email protected]/%s/%s.git" | ||
defaultRepoOwner = "aquasecurity" | ||
defaultRepoName = "vuln-list" | ||
) | ||
|
||
var ( | ||
target = flag.String("target", "", "update target (nvd, alpine, alpine-unfixed, redhat, redhat-oval, "+ | ||
"debian, ubuntu, amazon, oracle-oval, suse-cvrf, photon, arch-linux, ghsa, glad, cwe, osv, mariner, kevc, wolfi, chainguard, k8s)") | ||
"debian, ubuntu, amazon, oracle-oval, suse-cvrf, photon, arch-linux, ghsa, glad, cwe, osv, mariner, kevc, wolfi, chainguard, k8s, wrlinux)") | ||
vulnListDir = flag.String("vuln-list-dir", "", "vuln-list dir") | ||
years = flag.String("years", "", "update years (only redhat)") | ||
targetUri = flag.String("target-uri", "", "alternative repository URI (only glad)") | ||
targetBranch = flag.String("target-branch", "", "alternative repository branch (only glad)") | ||
) | ||
|
@@ -176,6 +184,12 @@ func run() error { | |
if err := k8s.Update(); err != nil { | ||
return xerrors.Errorf("k8s update error: %w", err) | ||
} | ||
commitMsg = "Chainguard Security Data" | ||
case "wrlinux": | ||
if err := wrlinux.Update(); err != nil { | ||
return xerrors.Errorf("WRLinux update error: %w", err) | ||
} | ||
commitMsg = "Wind River CVE Tracker" | ||
default: | ||
return xerrors.New("unknown target") | ||
} | ||
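Review bot: The new `wrlinux` case near the end of the switch in run() sets `commitMsg = "Wind River CVE Tracker"`, which does not follow the `<source> Security Data` form of the neighbouring message; commitMsg presumably becomes the commit message in the published vuln-list history, so a uniform label such as `commitMsg = "Wind River Linux Security Data"` keeps feed updates easy to attribute and audit. The line directly above the new case assigns `"Chainguard Security Data"` inside the k8s branch, which looks like a copy-paste slip that misattributes k8s updates; it appears to be unchanged context, but it is worth correcting while this switch is being edited. The wrapped error `WRLinux update error` would also read more consistently in lowercase, like `k8s update error` beside it. run() begins and ends outside the hunk.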
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
Candidate: CVE-2012-0880 | ||
PublicDate: 2017-08-08 | ||
Description: | ||
Apache Xerces-C++ allows remote attackers to cause a denial of | ||
service (CPU consumption) via a crafted message sent to an XML | ||
service that causes hash table collisions. | ||
Notes: | ||
note 1 line 1 | ||
note 1 line 2 | ||
note 2 line 1 | ||
note 2 line 2 | ||
Priority: high | ||
Bugs: | ||
LIN10-1106 | ||
|
||
Patches_xerces: | ||
10.17.41.1_xerces: released (10.17.41.1) | ||
10.18.44.1_xerces: ignored (will not fix) | ||
10.19.45.1_xerces: ignored (will not fix) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
Candidate: CVE-2015-8985 | ||
PublicDate: 2017-03-20 | ||
Description: | ||
The pop_fail_stack function in the GNU C Library (aka glibc or | ||
libc6) allows context-dependent attackers to cause a denial of | ||
service (assertion failure and application crash) via vectors | ||
related to extended regular expression processing. | ||
Notes: | ||
glibc | ||
Priority: medium | ||
Bugs: | ||
|
||
Patches_glibc: | ||
10.18.44.1_glibc: pending | ||
10.19.45.1_glibc: pending | ||
|
||
Patches_eglibc: | ||
10.18.44.1_eglibc: pending | ||
10.19.45.1_eglibc: pending |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
Candidate: CVE-2021-39648 | ||
PublicDate: 2021-12-15 | ||
Description: | ||
In gadget_dev_desc_UDC_show of configfs.c, there is a possible | ||
disclosure of kernel heap memory due to a race condition. | ||
References: | ||
Upstream kernel | ||
Upstream linux | ||
Notes: | ||
This could lead to local information disclosure with System execution privileges needed. | ||
User interaction is not needed for exploitation. | ||
Priority: medium | ||
Bugs: | ||
LINCD-7525 | ||
LIN1021-2165 | ||
LIN1019-7478 | ||
LIN1018-8466 | ||
Patches_linux: | ||
10.20.6.0_linux: not-affected | ||
10.21.20.1_linux: not-affected | ||
10.19.45.1_linux: released (10.19.45.21) | ||
10.18.44.1_linux: released (10.18.44.25) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
Candidate: CVE-2020-24241 | ||
PublicDate: 2020-08-25 | ||
Description: | ||
In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free | ||
in saa_wbytes in nasmlib/saa.c. | ||
Priority: medium | ||
Bugs: | ||
LINCD-2974 | ||
LIN1019-5289 | ||
LIN1018-6614 | ||
LIN10-7689 | ||
|
||
Patches_nasm: | ||
10.20.6.0_nasm: not-affected | ||
10.19.45.1_nasm: pending | ||
10.18.44.1_nasm: ignored | ||
10.17.41.1_nasm: released (10.17.41.22) |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,28 @@ | ||
Candidate: CVE-2022-3134 | ||
|
||
PublicDate: 2022-09-06 | ||
|
||
Description: | ||
Use After Free in GitHub repository vim/vim prior to 9.0.0389. | ||
|
||
Notes: | ||
|
||
Priority: high | ||
|
||
Bugs: | ||
LINCD-10301 | ||
LIN1022-1711 | ||
LIN1021-4364 | ||
LIN1019-8796 | ||
LIN1018-9727 | ||
|
||
# fixes/patches for different WRLinux releases | ||
# <vulnerable_release>_<package>: <status> [(<fixed_release>)] | ||
Patches_vim: | ||
10.20.6.0_vim: not-affected | ||
10.22.33.1_vim: not-affected | ||
# the following have releases have been fixed | ||
10.21.20.1_vim: released (10.21.20.14) | ||
10.19.45.1_vim: released (10.19.45.26) | ||
|
||
10.18.44.1_vim: released (10.18.44.28) |
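Review bot: The comment above the released entries in this fixture reads `# the following have releases have been fixed`; it should be `# the following releases have been fixed`. The blank lines between fields, and the one that separates `10.18.44.1_vim` from the rest of `Patches_vim`, look deliberate, presumably to check that the parser tolerates blank lines and comments inside a block; a header comment such as `# fixture: blank lines and comments inside a field must not end the Patches block` would state that intent. If a parser ended the block at the blank line, the last release's status would silently drop out of the generated data, so the accompanying test should assert all five `Patches_vim` entries (the test itself is not visible here).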