From cbe4fde1f54d98a44a6633794899259f1f38ed15 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 21 Dec 2024 17:43:41 +0000
Subject: [PATCH 01/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for terraform-docs (#10989)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 terraform-docs.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/terraform-docs.advisories.yaml b/terraform-docs.advisories.yaml
index d0d69e659..2ade99626 100644
--- a/terraform-docs.advisories.yaml
+++ b/terraform-docs.advisories.yaml
@@ -74,6 +74,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/terraform-docs
 scanner: grype
+ - timestamp: 2024-12-21T17:39:19Z
+ type: fixed
+ data:
+ fixed-version: 0.19.0-r2
 - id: CGA-82g5-h23x-33p6
 aliases:
From 3563a0e747817adf3511ca3b72adf51686d511f6 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 21 Dec 2024 17:44:11 +0000
Subject: [PATCH 02/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for slsa-verifier (#10990)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 slsa-verifier.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/slsa-verifier.advisories.yaml b/slsa-verifier.advisories.yaml
index 89c231347..21fc792b1 100644
--- a/slsa-verifier.advisories.yaml
+++ b/slsa-verifier.advisories.yaml
@@ -426,6 +426,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/slsa-verifier
 scanner: grype
+ - timestamp: 2024-12-21T17:42:47Z
+ type: fixed
+ data:
+ fixed-version: 2.6.0-r7
 - id: CGA-h3m2-ppgf-58hc
 aliases:
From dcc2350e9d95f789cf36cdf2d4a771a6af36348f Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 21 Dec 2024 18:44:21 +0000
Subject: [PATCH 03/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for sriov-network-device-plugin (#10992)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 sriov-network-device-plugin.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/sriov-network-device-plugin.advisories.yaml b/sriov-network-device-plugin.advisories.yaml
index 881904d14..f6e1722b4 100644
--- a/sriov-network-device-plugin.advisories.yaml
+++ b/sriov-network-device-plugin.advisories.yaml
@@ -21,3 +21,7 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/sriovdp
 scanner: grype
+ - timestamp: 2024-12-21T18:02:00Z
+ type: fixed
+ data:
+ fixed-version: 3.8.0-r1
From 646833466272bbd0fe34675f896d7d3d9d285eeb Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 21 Dec 2024 18:44:22 +0000
Subject: [PATCH 04/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for kubeadm-controlplane-controller (#10993)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 kubeadm-controlplane-controller.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/kubeadm-controlplane-controller.advisories.yaml b/kubeadm-controlplane-controller.advisories.yaml
index db33edff0..5613144df 100644
--- a/kubeadm-controlplane-controller.advisories.yaml
+++ b/kubeadm-controlplane-controller.advisories.yaml
@@ -61,6 +61,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/kubeadm-controlplane-controller
 scanner: grype
+ - timestamp: 2024-12-21T18:04:32Z
+ type: fixed
+ data:
+ fixed-version: 1.9.2-r1
 - id: CGA-7m4f-cm35-r6vq
 aliases:
From 395d315bc774708d4c50005e7117a6d69f8f036a Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 21 Dec 2024 18:44:23 +0000
Subject: [PATCH 05/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for secrets-store-csi-driver-provider-gcp (#10994)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 secrets-store-csi-driver-provider-gcp.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/secrets-store-csi-driver-provider-gcp.advisories.yaml b/secrets-store-csi-driver-provider-gcp.advisories.yaml
index 52d1766a5..c30c29c12 100644
--- a/secrets-store-csi-driver-provider-gcp.advisories.yaml
+++ b/secrets-store-csi-driver-provider-gcp.advisories.yaml
@@ -200,6 +200,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/secrets-store-csi-driver-provider-gcp
 scanner: grype
+ - timestamp: 2024-12-21T18:06:59Z
+ type: fixed
+ data:
+ fixed-version: 1.7.0-r1
 - id: CGA-q53p-fgj2-3j2m
 aliases:
From 2a5f5fc11154dfe05acee9dd08009018da9f45af Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 21 Dec 2024 18:44:25 +0000
Subject: [PATCH 06/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for temporal (#10995)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 temporal.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/temporal.advisories.yaml b/temporal.advisories.yaml
index 1c0e2a314..472740a58 100644
--- a/temporal.advisories.yaml
+++ b/temporal.advisories.yaml
@@ -172,6 +172,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/temporal
 scanner: grype
+ - timestamp: 2024-12-21T18:08:23Z
+ type: fixed
+ data:
+ fixed-version: 1.1.2-r2
 - id: CGA-87q2-mwvf-7f59
 aliases:
From 790b010f4b1fcd44730d6b699b2afc18fca2b2b4 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 21 Dec 2024 18:44:26 +0000
Subject: [PATCH 07/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for hugo-extended (#10996)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 hugo-extended.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/hugo-extended.advisories.yaml b/hugo-extended.advisories.yaml
index 94fb5a160..1c969c7cb 100644
--- a/hugo-extended.advisories.yaml
+++ b/hugo-extended.advisories.yaml
@@ -64,6 +64,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/hugo
 scanner: grype
+ - timestamp: 2024-12-21T18:18:04Z
+ type: fixed
+ data:
+ fixed-version: 0.140.0-r1
 - id: CGA-4r74-w9mc-9hvw
 aliases:
From e3b015de335f8a6afaff934ca888db387554a51d Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 09:43:32 +0000
Subject: [PATCH 08/15] Adding Advisory GHSA-w32m-9786-jp63 for opa-envoy (#10997)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 opa-envoy.advisories.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/opa-envoy.advisories.yaml b/opa-envoy.advisories.yaml
index 627dec86a..9f6223145 100644
--- a/opa-envoy.advisories.yaml
+++ b/opa-envoy.advisories.yaml
@@ -25,3 +25,15 @@ advisories:
 type: fixed
 data:
 fixed-version: 0.70.0_rc1-r1
+ - timestamp: 2024-12-22T08:25:42Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: opa-envoy
+ componentID: 34345bdb2373cd87
+ componentName: golang.org/x/net
+ componentVersion: v0.30.0
+ componentType: go-module
+ componentLocation: /usr/bin/opa
+ scanner: grype
From bbbf0371ffc4bbe03cd1d7982a0ffd587b555884 Mon Sep 17 00:00:00 2001
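Review bot: In the opa-envoy hunk of PATCH 08/15 the new `detection` event is appended directly after a `fixed` event (`fixed-version: 0.70.0_rc1-r1`), so the advisory's latest state is no longer fixed, and no later patch in the visible series adds a new `fixed` event for opa-envoy. The hunk starts at line 25, so the enclosing advisory's `id` and `aliases` are not visible; confirm that it is the GHSA-w32m-9786-jp63 entry named in the subject and not a neighbouring one. Because the file records nothing about why a fixed advisory is open again, I would add a comment above the event such as `# re-detected after 0.70.0_rc1-r1: golang.org/x/net v0.30.0 in /usr/bin/opa`. The neuvector-scanner hunk in PATCH 10/15 has the same shape (detection of golang.org/x/net v0.23.0 after `fixed-version: 0_git20240528-r10`).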
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 09:43:33 +0000
Subject: [PATCH 09/15] Adding Advisory GHSA-w32m-9786-jp63 for smarter-device-manager (#10998)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 smarter-device-manager.advisories.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/smarter-device-manager.advisories.yaml b/smarter-device-manager.advisories.yaml
index be355414e..6a875dc6d 100644
--- a/smarter-device-manager.advisories.yaml
+++ b/smarter-device-manager.advisories.yaml
@@ -231,6 +231,24 @@ advisories:
 type: vulnerable-code-not-included-in-package
 note: Only affects Windows
+ - id: CGA-wvj2-3chg-gqv6
+ aliases:
+ - CVE-2024-45338
+ - GHSA-w32m-9786-jp63
+ events:
+ - timestamp: 2024-12-22T09:10:41Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: smarter-device-manager
+ componentID: 40143f9b2943e893
+ componentName: golang.org/x/net
+ componentVersion: v0.29.0
+ componentType: go-module
+ componentLocation: /usr/bin/smarter-device-management
+ scanner: grype
+
 - id: CGA-x944-qr2v-f5rw
 aliases:
 - CVE-2024-34156
From d82ad3ea50bddfe31b62e58b5339f3369c04f112 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 10:43:29 +0000
Subject: [PATCH 10/15] Adding Advisory GHSA-w32m-9786-jp63 for neuvector-scanner (#10999)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 neuvector-scanner.advisories.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/neuvector-scanner.advisories.yaml b/neuvector-scanner.advisories.yaml
index 2960819ac..b40478de2 100644
--- a/neuvector-scanner.advisories.yaml
+++ b/neuvector-scanner.advisories.yaml
@@ -219,6 +219,18 @@ advisories:
 type: fixed
 data:
 fixed-version: 0_git20240528-r10
+ - timestamp: 2024-12-22T10:31:29Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: neuvector-scanner
+ componentID: bf92469ac1521c7c
+ componentName: golang.org/x/net
+ componentVersion: v0.23.0
+ componentType: go-module
+ componentLocation: /usr/local/bin/scanner
+ scanner: grype
 - id: CGA-p8xg-r44c-55h5
 aliases:
From 73047784ed26dffb7bc76dec0e176ec97ee3e3f1 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 13:43:37 +0000
Subject: [PATCH 11/15] Adding fixed events for vitess-20.0 (#11000)
* Adding Fixed Advisory GHSA-mwcw-c2x4-8c55 for vitess-20.0
* Adding Fixed Advisory GHSA-pxg6-pf52-xh8x for vitess-20.0
---------
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 vitess-20.0.advisories.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/vitess-20.0.advisories.yaml b/vitess-20.0.advisories.yaml
index 43317d30f..164486b24 100644
--- a/vitess-20.0.advisories.yaml
+++ b/vitess-20.0.advisories.yaml
@@ -108,6 +108,10 @@ advisories:
 componentType: npm
 componentLocation: /vt/web/vtadmin/node_modules/nanoid/package.json
 scanner: grype
+ - timestamp: 2024-12-22T13:13:36Z
+ type: fixed
+ data:
+ fixed-version: 20.0.4-r3
 - id: CGA-qw57-j898-5h79
 aliases:
@@ -166,6 +170,10 @@ advisories:
 type: pending-upstream-fix
 data:
 note: It's not possible to bump 3 minor versions on this package, other dependencies still depend on this.
+ - timestamp: 2024-12-22T13:13:37Z
+ type: fixed
+ data:
+ fixed-version: 20.0.4-r3
 - id: CGA-wpr6-q8w2-pw5m
 aliases:
From 9ee57429f258bc790fd76a9c32722d351cdf5d4e Mon Sep 17 00:00:00 2001
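Review bot: The second vitess-20.0 hunk (`@@ -166,6 +170,10 @@`) marks the advisory fixed in 20.0.4-r3 immediately after a `pending-upstream-fix` event whose note says the dependency cannot be bumped, and nothing in the hunk records what changed. Consumers that suppress findings on `fixed-version` will stop reporting this advisory, so the automated event should be backed by a check that the 20.0.4-r3 package really ships the patched dependency and not only a scan that no longer matches the component. Once that is confirmed, a comment above the new event, e.g. `# supersedes pending-upstream-fix: dependency upgraded in 20.0.4-r3`, would record it. The advisory's `id` and its detection event lie outside the hunk, so which of the two GHSAs named in the commit message this entry is cannot be told from here.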
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 13:43:39 +0000
Subject: [PATCH 12/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for terraform-provider-aws (#11001)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 terraform-provider-aws.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/terraform-provider-aws.advisories.yaml b/terraform-provider-aws.advisories.yaml
index 8ec3e44bc..8b3099f49 100644
--- a/terraform-provider-aws.advisories.yaml
+++ b/terraform-provider-aws.advisories.yaml
@@ -21,6 +21,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/terraform-provider-aws
 scanner: grype
+ - timestamp: 2024-12-22T13:16:37Z
+ type: fixed
+ data:
+ fixed-version: 5.82.2-r0
 - id: CGA-43ch-mwp2-gv8j
 aliases:
From 887c17095b12462ed94efe7949d45ffd4eadd297 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 13:43:40 +0000
Subject: [PATCH 13/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for smarter-device-manager (#11002)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 smarter-device-manager.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/smarter-device-manager.advisories.yaml b/smarter-device-manager.advisories.yaml
index 6a875dc6d..0c6454b30 100644
--- a/smarter-device-manager.advisories.yaml
+++ b/smarter-device-manager.advisories.yaml
@@ -248,6 +248,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/smarter-device-management
 scanner: grype
+ - timestamp: 2024-12-22T13:17:39Z
+ type: fixed
+ data:
+ fixed-version: 1.20.11-r11
 - id: CGA-x944-qr2v-f5rw
 aliases:
From b27551a062f7b93f3a982a4ff5a93cadb297e5a4 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 13:43:41 +0000
Subject: [PATCH 14/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for glow (#11003)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 glow.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/glow.advisories.yaml b/glow.advisories.yaml
index a3b75bc54..3c6a2ab57 100644
--- a/glow.advisories.yaml
+++ b/glow.advisories.yaml
@@ -65,6 +65,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/glow
 scanner: grype
+ - timestamp: 2024-12-22T13:38:48Z
+ type: fixed
+ data:
+ fixed-version: 2.0.0-r3
 - id: CGA-mxwc-74fh-p77h
 aliases:
From 0be5b77dc1aae3b8911c65b8204dd4e17236041c Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sun, 22 Dec 2024 13:43:42 +0000
Subject: [PATCH 15/15] Adding Fixed Advisory GHSA-w32m-9786-jp63 for prometheus-alertmanager (#11004)
Co-authored-by: octo-sts[bot] <157150467+octo-sts@users.noreply.github.com>
---
 prometheus-alertmanager.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/prometheus-alertmanager.advisories.yaml b/prometheus-alertmanager.advisories.yaml
index c00585475..7933b9253 100644
--- a/prometheus-alertmanager.advisories.yaml
+++ b/prometheus-alertmanager.advisories.yaml
@@ -166,6 +166,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/alertmanager
 scanner: grype
+ - timestamp: 2024-12-22T13:42:10Z
+ type: fixed
+ data:
+ fixed-version: 0.27.0-r13
 - id: CGA-hmfg-p87v-vwv4
 aliases: