forked from wolfi-dev/advisories
conda.advisories.yaml
schema-version: "2"

package:
  name: conda

advisories:
  - id: CGA-wmg2-c3fj-mpmv
    aliases:
      - CVE-2007-4559
      - GHSA-gw9q-c7gh-j9vm
    events:
      - timestamp: 2023-07-21T18:10:35Z
        type: false-positive-determination
        data:
          type: vulnerability-record-analysis-contested
          note: We have determined that this is not a security issue in the Python package itself. It's still possible to misuse the Python standard library, such as by supplying untrusted data to the tar extraction functions, in which case a vulnerability should be identified in the caller code.

  - id: CGA-px95-g846-4rrq
    aliases:
      - CVE-2018-20225
      - GHSA-7p5p-7qq5-cc86
    events:
      - timestamp: 2023-07-21T18:03:13Z
        type: false-positive-determination
        data:
          type: vulnerability-record-analysis-contested
          note: This vulnerability is disputed, and the consensus in the security community is that this is intended behavior, not a security flaw.

  - id: CGA-v2fw-rh5h-2mqp
    aliases:
      - CVE-2023-27043
      - GHSA-5mwm-wccq-xqcp
    events:
      - timestamp: 2023-07-21T18:05:18Z
        type: true-positive-determination
        data:
          note: There doesn't appear to be a backport of the fix available for Python 3.10.x, see https://github.com/python/cpython/issues/102988.

  - id: CGA-rjjr-cr57-427g
    aliases:
      - CVE-2023-36632
      - GHSA-gv66-v8c8-v69c
    events:
      - timestamp: 2023-07-21T18:06:11Z
        type: false-positive-determination
        data:
          type: vulnerability-record-analysis-contested
          note: The vendor's perspective is that this is neither a vulnerability nor a bug.

  - id: CGA-vxhq-hwj6-cr7h
    aliases:
      - CVE-2023-37920
      - GHSA-xqr8-7jwr-rhp7
    events:
      - timestamp: 2023-08-11T22:01:28Z
        type: fixed
        data:
          fixed-version: 23.7.2-r1

  - id: CGA-64c7-9q3g-wvxv
    aliases:
      - CVE-2023-38325
      - GHSA-cf7p-gm2m-833m
    events:
      - timestamp: 2023-08-11T22:03:52Z
        type: fixed
        data:
          fixed-version: 23.7.2-r1

  - id: CGA-9rgv-ffcw-x427
    aliases:
      - GHSA-5cpq-8wj7-hf2v
    events:
      - timestamp: 2023-08-11T22:03:30Z
        type: fixed
        data:
          fixed-version: 23.7.2-r1

  - id: CGA-f4gx-hp92-rcxm
    aliases:
      - GHSA-jm77-qphf-c4w8
    events:
      - timestamp: 2023-08-11T22:04:01Z
        type: fixed
        data:
          fixed-version: 23.7.2-r1