Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Remove Mango (unmaintained since July 2022) #381

Merged
merged 1 commit into from
Nov 23, 2023
Merged

Remove Mango (unmaintained since July 2022) #381

merged 1 commit into from
Nov 23, 2023

Conversation

nodiscc
Copy link
Member

@nodiscc nodiscc commented Nov 18, 2023

$ ./trivy_0.41.0_Linux-64bit/trivy image hkalexling/mango
2023-11-18T19:43:51.431+0100	INFO	Vulnerability scanning is enabled
2023-11-18T19:43:51.432+0100	INFO	Secret scanning is enabled
2023-11-18T19:43:51.432+0100	INFO	If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2023-11-18T19:43:51.432+0100	INFO	Please see also https://aquasecurity.github.io/trivy/v0.41/docs/secret/scanning/#recommendation for faster secret detection
2023-11-18T19:43:54.720+0100	INFO	Detected OS: alpine
2023-11-18T19:43:54.721+0100	INFO	Detecting Alpine vulnerabilities...
2023-11-18T19:43:54.723+0100	INFO	Number of language-specific files: 0

hkalexling/mango (alpine 3.16.1)

Total: 19 (UNKNOWN: 0, LOW: 0, MEDIUM: 10, HIGH: 8, CRITICAL: 1)

┌──────────────┬────────────────┬──────────┬───────────────────┬───────────────┬─────────────────────────────────────────────────────────────┐
│   Library    │ Vulnerability  │ Severity │ Installed Version │ Fixed Version │                            Title                            │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ libcrypto1.1 │ CVE-2022-4450  │ HIGH     │ 1.1.1q-r0         │ 1.1.1t-r0     │ double free after calling PEM_read_bio_ex                   │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-4450                   │
│              ├────────────────┤          │                   │               ├─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-0215  │          │                   │               │ use-after-free following BIO_new_NDEF                       │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-0215                   │
│              ├────────────────┤          │                   │               ├─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-0286  │          │                   │               │ X.400 address type confusion in X.509 GeneralName           │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-0286                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-0464  │          │                   │ 1.1.1t-r1     │ openssl: Denial of service by excessive resource usage in   │
│              │                │          │                   │               │ verifying X509 policy...                                    │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-0464                   │
│              ├────────────────┼──────────┤                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2022-4304  │ MEDIUM   │                   │ 1.1.1t-r0     │ openssl: timing attack in RSA Decryption implementation     │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-4304                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-0465  │          │                   │ 1.1.1t-r2     │ openssl: Invalid certificate policies in leaf certificates  │
│              │                │          │                   │               │ are silently ignored                                        │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-0465                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-2650  │          │                   │ 1.1.1u-r0     │ openssl: Possible DoS translating ASN.1 object identifiers  │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2650                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-3446  │          │                   │ 1.1.1u-r2     │ openssl: Excessive time spent checking DH keys and          │
│              │                │          │                   │               │ parameters                                                  │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3446                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-3817  │          │                   │ 1.1.1v-r0     │ OpenSSL: Excessive time spent checking DH q parameter value │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3817                   │
├──────────────┼────────────────┼──────────┤                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│ libssl1.1    │ CVE-2022-4450  │ HIGH     │                   │ 1.1.1t-r0     │ double free after calling PEM_read_bio_ex                   │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-4450                   │
│              ├────────────────┤          │                   │               ├─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-0215  │          │                   │               │ use-after-free following BIO_new_NDEF                       │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-0215                   │
│              ├────────────────┤          │                   │               ├─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-0286  │          │                   │               │ X.400 address type confusion in X.509 GeneralName           │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-0286                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-0464  │          │                   │ 1.1.1t-r1     │ openssl: Denial of service by excessive resource usage in   │
│              │                │          │                   │               │ verifying X509 policy...                                    │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-0464                   │
│              ├────────────────┼──────────┤                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2022-4304  │ MEDIUM   │                   │ 1.1.1t-r0     │ openssl: timing attack in RSA Decryption implementation     │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-4304                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-0465  │          │                   │ 1.1.1t-r2     │ openssl: Invalid certificate policies in leaf certificates  │
│              │                │          │                   │               │ are silently ignored                                        │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-0465                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-2650  │          │                   │ 1.1.1u-r0     │ openssl: Possible DoS translating ASN.1 object identifiers  │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-2650                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-3446  │          │                   │ 1.1.1u-r2     │ openssl: Excessive time spent checking DH keys and          │
│              │                │          │                   │               │ parameters                                                  │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3446                   │
│              ├────────────────┤          │                   ├───────────────┼─────────────────────────────────────────────────────────────┤
│              │ CVE-2023-3817  │          │                   │ 1.1.1v-r0     │ OpenSSL: Excessive time spent checking DH q parameter value │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2023-3817                   │
├──────────────┼────────────────┼──────────┼───────────────────┼───────────────┼─────────────────────────────────────────────────────────────┤
│ zlib         │ CVE-2022-37434 │ CRITICAL │ 1.2.12-r1         │ 1.2.12-r2     │ heap-based buffer over-read and overflow in inflate() in    │
│              │                │          │                   │               │ inflate.c via a large...                                    │
│              │                │          │                   │               │ https://avd.aquasec.com/nvd/cve-2022-37434                  │
└──────────────┴────────────────┴──────────┴───────────────────┴───────────────┴─────────────────────────────────────────────────────────────┘

- ref. #1
- `ERROR:awesome_lint.py: Mango: last updated -475 days, 1:29:43.511078 ago, older than 365 days`
@nodiscc nodiscc added the curation Removal of abandoned projects, dead links label Nov 18, 2023
@nodiscc nodiscc merged commit 1e56439 into master Nov 23, 2023
1 check passed
@nodiscc nodiscc deleted the rm-mango branch November 23, 2023 00:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
curation Removal of abandoned projects, dead links
Development

Successfully merging this pull request may close these issues.

1 participant