Adding Advisory GHSA-v6mg-7f7p-qmqp for melange (#5175)
Co-authored-by: octo-sts[bot] <[email protected]>
octo-sts[bot] and octo-sts[bot] authored Jun 5, 2024
1 parent c9dca9a commit 891af44
Showing 1 changed file with 147 additions and 129 deletions.
276 changes: 147 additions & 129 deletions melange.advisories.yaml
Expand Up @@ -4,6 +4,70 @@ package:
name: melange

advisories:
- id: CGA-3c7v-p5g9-f5wx
aliases:
- GHSA-9763-4f94-gfch
events:
- timestamp: 2024-01-11T07:10:50Z
type: detection
data:
type: scan/v1
data:
subpackageName: melange
componentID: 36e0a2100d2aed80
componentName: github.com/cloudflare/circl
componentVersion: v1.3.6
componentType: go-module
componentLocation: /usr/bin/melange
scanner: grype
- timestamp: 2024-01-23T16:02:30Z
type: fixed
data:
fixed-version: 0.5.6-r0

- id: CGA-4px9-54fx-rqrh
aliases:
- CVE-2024-28180
- GHSA-c5q2-7r4c-mv6g
events:
- timestamp: 2024-03-08T07:20:36Z
type: detection
data:
type: scan/v1
data:
subpackageName: melange
componentID: 45bf5b2089d13c7e
componentName: gopkg.in/go-jose/go-jose.v2
componentVersion: v2.6.2
componentType: go-module
componentLocation: /usr/bin/melange
scanner: grype
- timestamp: 2024-03-11T00:41:07Z
type: fixed
data:
fixed-version: 0.6.9-r2

- id: CGA-74rc-w39q-rr93
aliases:
- CVE-2024-24786
- GHSA-8r3f-844c-mc37
events:
- timestamp: 2024-03-16T09:13:25Z
type: fixed
data:
fixed-version: 0.6.9-r3

- id: CGA-75hc-jghv-4xq5
aliases:
- CVE-2023-45284
- GHSA-rq3x-83w4-p28c
events:
- timestamp: 2023-11-07T19:33:02Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: Only affects Windows

- id: CGA-7qwq-52rr-hmmr
aliases:
- CVE-2020-8559
Expand All @@ -22,57 +86,63 @@ advisories:
componentLocation: /usr/bin/melange
scanner: grype

- id: CGA-q9f4-6p58-9fhh
- id: CGA-8v58-cxw6-mjqh
aliases:
- CVE-2023-28840
- GHSA-232p-vwff-86mp
- CVE-2024-24787
- GHSA-5fq7-4mxc-535h
events:
- timestamp: 2023-04-05T14:22:34Z
- timestamp: 2024-05-14T09:16:50Z
type: fixed
data:
fixed-version: 0.3.2-r1
fixed-version: 0.6.11-r5

- id: CGA-qpf3-44p9-q9cv
- id: CGA-c3f6-mvqp-x58g
aliases:
- CVE-2023-28841
- GHSA-33pg-m6jh-5237
- CVE-2024-36127
- GHSA-v6mg-7f7p-qmqp
events:
- timestamp: 2023-04-05T14:22:34Z
type: fixed
- timestamp: 2024-06-05T08:09:10Z
type: detection
data:
fixed-version: 0.3.2-r1
type: scan/v1
data:
subpackageName: melange
componentID: 28e69d70d8d2ebaa
componentName: chainguard.dev/apko
componentVersion: v0.14.3
componentType: go-module
componentLocation: /usr/bin/melange
scanner: grype

- id: CGA-m53q-whq4-59ph
- id: CGA-cr5m-fvwp-787c
aliases:
- CVE-2023-28842
- GHSA-6wrf-mxfj-pf5p
- CVE-2023-46402
- GHSA-3f2q-6294-fmq5
events:
- timestamp: 2023-04-05T14:22:34Z
- timestamp: 2023-12-03T14:31:42Z
type: fixed
data:
fixed-version: 0.3.2-r1
fixed-version: 0.5.3-r1

- id: CGA-wrj3-x9xp-36gp
- id: CGA-cwxj-fc4r-463r
aliases:
- CVE-2023-45283
- GHSA-vvjp-q62m-2vph
- CVE-2024-24788
- GHSA-2jwv-jmq4-4j3r
events:
- timestamp: 2023-11-07T19:33:00Z
type: false-positive-determination
- timestamp: 2024-05-14T09:16:52Z
type: fixed
data:
type: vulnerable-code-not-included-in-package
note: Only affects Windows
fixed-version: 0.6.11-r5

- id: CGA-75hc-jghv-4xq5
- id: CGA-f4xq-ppv3-28pj
aliases:
- CVE-2023-45284
- GHSA-rq3x-83w4-p28c
- CVE-2023-46737
- GHSA-vfp6-jrw2-99g9
events:
- timestamp: 2023-11-07T19:33:02Z
type: false-positive-determination
- timestamp: 2023-11-16T12:21:01Z
type: fixed
data:
type: vulnerable-code-not-included-in-package
note: Only affects Windows
fixed-version: 0.5.3-r0

- id: CGA-gv78-5qhq-jqfv
aliases:
Expand All @@ -96,87 +166,74 @@ advisories:
data:
fixed-version: 0.6.11-r3

- id: CGA-cr5m-fvwp-787c
- id: CGA-m53q-whq4-59ph
aliases:
- CVE-2023-46402
- GHSA-3f2q-6294-fmq5
- CVE-2023-28842
- GHSA-6wrf-mxfj-pf5p
events:
- timestamp: 2023-12-03T14:31:42Z
- timestamp: 2023-04-05T14:22:34Z
type: fixed
data:
fixed-version: 0.5.3-r1
fixed-version: 0.3.2-r1

- id: CGA-f4xq-ppv3-28pj
- id: CGA-m64h-c87c-95j5
aliases:
- CVE-2023-46737
- GHSA-vfp6-jrw2-99g9
- GHSA-7ww5-4wqc-m92c
events:
- timestamp: 2023-11-16T12:21:01Z
- timestamp: 2023-12-21T10:58:30Z
type: fixed
data:
fixed-version: 0.5.3-r0
fixed-version: 0.5.5-r0

- id: CGA-w69m-j62x-gggr
- id: CGA-m8vc-xmrr-957v
aliases:
- CVE-2023-48795
- GHSA-45x7-px36-x8w8
- CVE-2024-29902
- GHSA-88jx-383q-w4qc
events:
- timestamp: 2023-12-21T10:58:19Z
- timestamp: 2024-04-12T15:05:46Z
type: fixed
data:
fixed-version: 0.5.5-r0
fixed-version: 0.6.11-r1

- id: CGA-74rc-w39q-rr93
- id: CGA-mh9r-cgx8-q32c
aliases:
- CVE-2024-24786
- GHSA-8r3f-844c-mc37
- GHSA-jq35-85cj-fj4p
events:
- timestamp: 2024-03-16T09:13:25Z
type: fixed
- timestamp: 2023-10-31T20:03:58Z
type: false-positive-determination
data:
fixed-version: 0.6.9-r3
type: vulnerable-code-not-included-in-package
note: This vulnerability is in the container runtime itself, not clients of the container runtime.

- id: CGA-8v58-cxw6-mjqh
- id: CGA-p8hw-fxhx-vvqj
aliases:
- CVE-2024-24787
- GHSA-5fq7-4mxc-535h
- CVE-2024-29903
- GHSA-95pr-fxf5-86gv
events:
- timestamp: 2024-05-14T09:16:50Z
- timestamp: 2024-04-12T15:05:48Z
type: fixed
data:
fixed-version: 0.6.11-r5
fixed-version: 0.6.11-r1

- id: CGA-cwxj-fc4r-463r
- id: CGA-q9f4-6p58-9fhh
aliases:
- CVE-2024-24788
- GHSA-2jwv-jmq4-4j3r
- CVE-2023-28840
- GHSA-232p-vwff-86mp
events:
- timestamp: 2024-05-14T09:16:52Z
- timestamp: 2023-04-05T14:22:34Z
type: fixed
data:
fixed-version: 0.6.11-r5
fixed-version: 0.3.2-r1

- id: CGA-4px9-54fx-rqrh
- id: CGA-qpf3-44p9-q9cv
aliases:
- CVE-2024-28180
- GHSA-c5q2-7r4c-mv6g
- CVE-2023-28841
- GHSA-33pg-m6jh-5237
events:
- timestamp: 2024-03-08T07:20:36Z
type: detection
data:
type: scan/v1
data:
subpackageName: melange
componentID: 45bf5b2089d13c7e
componentName: gopkg.in/go-jose/go-jose.v2
componentVersion: v2.6.2
componentType: go-module
componentLocation: /usr/bin/melange
scanner: grype
- timestamp: 2024-03-11T00:41:07Z
- timestamp: 2023-04-05T14:22:34Z
type: fixed
data:
fixed-version: 0.6.9-r2
fixed-version: 0.3.2-r1

- id: CGA-v6wf-7rw3-7hh8
aliases:
Expand All @@ -188,25 +245,26 @@ advisories:
data:
fixed-version: 0.6.9-r4

- id: CGA-m8vc-xmrr-957v
- id: CGA-w69m-j62x-gggr
aliases:
- CVE-2024-29902
- GHSA-88jx-383q-w4qc
- CVE-2023-48795
- GHSA-45x7-px36-x8w8
events:
- timestamp: 2024-04-12T15:05:46Z
- timestamp: 2023-12-21T10:58:19Z
type: fixed
data:
fixed-version: 0.6.11-r1
fixed-version: 0.5.5-r0

- id: CGA-p8hw-fxhx-vvqj
- id: CGA-wrj3-x9xp-36gp
aliases:
- CVE-2024-29903
- GHSA-95pr-fxf5-86gv
- CVE-2023-45283
- GHSA-vvjp-q62m-2vph
events:
- timestamp: 2024-04-12T15:05:48Z
type: fixed
- timestamp: 2023-11-07T19:33:00Z
type: false-positive-determination
data:
fixed-version: 0.6.11-r1
type: vulnerable-code-not-included-in-package
note: Only affects Windows

- id: CGA-wwg2-q2wv-h5v7
aliases:
Expand All @@ -229,43 +287,3 @@ advisories:
type: fixed
data:
fixed-version: 0.6.11-r3

- id: CGA-m64h-c87c-95j5
aliases:
- GHSA-7ww5-4wqc-m92c
events:
- timestamp: 2023-12-21T10:58:30Z
type: fixed
data:
fixed-version: 0.5.5-r0

- id: CGA-3c7v-p5g9-f5wx
aliases:
- GHSA-9763-4f94-gfch
events:
- timestamp: 2024-01-11T07:10:50Z
type: detection
data:
type: scan/v1
data:
subpackageName: melange
componentID: 36e0a2100d2aed80
componentName: github.com/cloudflare/circl
componentVersion: v1.3.6
componentType: go-module
componentLocation: /usr/bin/melange
scanner: grype
- timestamp: 2024-01-23T16:02:30Z
type: fixed
data:
fixed-version: 0.5.6-r0

- id: CGA-mh9r-cgx8-q32c
aliases:
- GHSA-jq35-85cj-fj4p
events:
- timestamp: 2023-10-31T20:03:58Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: This vulnerability is in the container runtime itself, not clients of the container runtime.
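Review bot: The new CGA-c3f6-mvqp-x58g record (CVE-2024-36127 / GHSA-v6mg-7f7p-qmqp) is buried in a whole-file re-sort of the advisories by id, so the 147 additions and 129 deletions cannot be checked by eye for an existing entry that was dropped or altered while being moved. The net difference of 18 lines matches the size of that one record, which suggests nothing else changed, but the reorder would be safer as its own commit, or the description could state `advisories re-sorted by id; no existing entry modified`. The new record carries only a `detection` event for chainguard.dev/apko v0.14.3 in /usr/bin/melange, so it presumably stays unresolved until a `fixed` or `false-positive-determination` event is appended.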
