diff --git a/openjdk-10.advisories.yaml b/openjdk-10.advisories.yaml index 17492055e..b80a6ee78 100644 --- a/openjdk-10.advisories.yaml +++ b/openjdk-10.advisories.yaml @@ -4,12 +4,30 @@ package: name: openjdk-10 advisories: - - id: CGA-x553-263x-w5r4 + - id: CGA-3c74-2v6w-g9p4 aliases: - - CVE-2023-21930 - - GHSA-4j35-7cr4-3mc8 + - CVE-2024-21085 + - GHSA-273j-fjrx-gf2f events: - - timestamp: 2024-03-31T13:27:52Z + - timestamp: 2024-04-19T13:09:12Z + type: detection + data: + type: scan/v1 + data: + subpackageName: openjdk-10-doc + componentID: 1dcdbfaef83f18d0 + componentName: openjdk-10-doc + componentVersion: 10.0.2-r4 + componentType: apk + componentLocation: /.PKGINFO + scanner: grype + + - id: CGA-5326-5723-p8q6 + aliases: + - CVE-2023-22041 + - GHSA-rgxf-494f-377c + events: + - timestamp: 2024-03-31T13:43:26Z type: detection data: type: scan/v1 @@ -22,12 +40,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-qgpm-xhx2-5pjp + - id: CGA-5mgx-7pq5-5qf6 aliases: - - CVE-2023-21937 - - GHSA-vr26-5f5w-r829 + - CVE-2023-25193 + - GHSA-v8ff-vmc3-wr4m events: - - timestamp: 2024-03-31T13:28:23Z + - timestamp: 2024-03-31T13:46:51Z type: detection data: type: scan/v1 @@ -40,6 +58,24 @@ advisories: componentLocation: /.PKGINFO scanner: grype + - id: CGA-5r87-8qp7-jmrv + aliases: + - CVE-2024-21094 + - GHSA-g3wm-f7gr-3fwh + events: + - timestamp: 2024-04-19T13:09:14Z + type: detection + data: + type: scan/v1 + data: + subpackageName: openjdk-10-doc + componentID: 1dcdbfaef83f18d0 + componentName: openjdk-10-doc + componentVersion: 10.0.2-r4 + componentType: apk + componentLocation: /.PKGINFO + scanner: grype + - id: CGA-5x4h-8frw-6cx4 aliases: - CVE-2023-21938 
@@ -76,12 +112,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-qxm6-59qp-ccpf + - id: CGA-85fg-mp4w-g52f aliases: - - CVE-2023-21954 - - GHSA-8x3h-4f64-v6v6 + - CVE-2024-20945 + - GHSA-qj64-r5h2-w6f9 events: - - timestamp: 2024-03-31T13:35:32Z + - timestamp: 2024-04-13T07:42:34Z type: detection data: type: scan/v1 @@ -94,12 +130,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-wfxh-c4fv-4383 + - id: CGA-9wqr-4rqq-hj29 aliases: - - CVE-2023-21967 - - GHSA-wg7x-fvjp-r3fx + - CVE-2024-20919 + - GHSA-vgxv-38wx-r77w events: - - timestamp: 2024-03-31T13:38:54Z + - timestamp: 2024-04-13T07:42:29Z type: detection data: type: scan/v1 @@ -112,12 +148,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-j5qg-p276-q8fq + - id: CGA-hjgc-m4pq-g9mg aliases: - - CVE-2023-21968 - - GHSA-r6j2-4r52-mpg7 + - CVE-2024-20926 + - GHSA-hjh6-9v4w-w32w events: - - timestamp: 2024-03-31T13:41:30Z + - timestamp: 2024-04-13T07:42:32Z type: detection data: type: scan/v1 @@ -130,12 +166,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-5326-5723-p8q6 + - id: CGA-j5qg-p276-q8fq aliases: - - CVE-2023-22041 - - GHSA-rgxf-494f-377c + - CVE-2023-21968 + - GHSA-r6j2-4r52-mpg7 events: - - timestamp: 2024-03-31T13:43:26Z + - timestamp: 2024-03-31T13:41:30Z type: detection data: type: scan/v1 
@@ -148,23 +184,28 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-5mgx-7pq5-5qf6 + - id: CGA-p98q-52v3-j278 aliases: - - CVE-2023-25193 - - GHSA-v8ff-vmc3-wr4m + - CVE-2024-20932 + - GHSA-ccwc-jrj7-h4v6 events: - - timestamp: 2024-03-31T13:46:51Z + - timestamp: 2024-05-24T07:39:10Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-10-demos - componentID: 2817ff019ab111ef - componentName: openjdk-10-demos + subpackageName: openjdk-10 + componentID: b66851eb096d6998 + componentName: openjdk-10 componentVersion: 10.0.2-r4 componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-06-05T12:27:37Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. - id: CGA-phgm-jqj3-mcpq aliases: @@ -184,19 +225,19 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-9wqr-4rqq-hj29 + - id: CGA-q8qx-j943-3vgq aliases: - - CVE-2024-20919 - - GHSA-vgxv-38wx-r77w + - CVE-2024-21011 + - GHSA-7qqv-8pwc-x4xc events: - - timestamp: 2024-04-13T07:42:29Z + - timestamp: 2024-04-19T13:09:05Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-10-demos - componentID: 2817ff019ab111ef - componentName: openjdk-10-demos + subpackageName: openjdk-10-doc + componentID: 1dcdbfaef83f18d0 + componentName: openjdk-10-doc componentVersion: 10.0.2-r4 componentType: apk componentLocation: /.PKGINFO @@ -220,12 +261,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-hjgc-m4pq-g9mg + - id: CGA-qgpm-xhx2-5pjp aliases: - - CVE-2024-20926 - - GHSA-hjh6-9v4w-w32w + - CVE-2023-21937 + - GHSA-vr26-5f5w-r829 events: - - timestamp: 2024-04-13T07:42:32Z + - timestamp: 2024-03-31T13:28:23Z type: detection data: type: scan/v1 
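Review bot: The `false-positive-determination` event added in `@@ -148,23 +184,28 @@` for CVE-2024-20932 (CGA-p98q-52v3-j278) suppresses a scanner finding on the strength of a one-line note that does not name the CVE or say how the NVD entry relates to the 10.0.2-r4 package that was detected, so a later auditor cannot re-check the evidence. NVD and vendor affected-version lists usually cover only supported release lines, so a listing of 17.0.9 alone may not show that an unsupported branch lacks the flaw; it is worth confirming against the upstream fix before keeping `type: vulnerable-code-version-not-used`. Once confirmed, I would make the note self-contained, for example `note: NVD lists 17.0.9 as the only affected version for CVE-2024-20932; the affected code is not in OpenJDK 10.` The same event and wording are added in the openjdk-11 (`@@ -21,6 +21,11 @@`), openjdk-12 (`@@ -183,13 +183,18 @@`), openjdk-13 (`@@ -274,48 +274,53 @@`) and openjdk-14 (`@@ -200,84 +244,45 @@`) hunks. In the openjdk-11 and openjdk-12 hunks the advisory id lies outside the visible context, so I am inferring that it is the same CVE.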
@@ -238,37 +279,37 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-p98q-52v3-j278 + - id: CGA-qxm6-59qp-ccpf aliases: - - CVE-2024-20932 - - GHSA-ccwc-jrj7-h4v6 + - CVE-2023-21954 + - GHSA-8x3h-4f64-v6v6 events: - - timestamp: 2024-05-24T07:39:10Z + - timestamp: 2024-03-31T13:35:32Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-10 - componentID: b66851eb096d6998 - componentName: openjdk-10 + subpackageName: openjdk-10-demos + componentID: 2817ff019ab111ef + componentName: openjdk-10-demos componentVersion: 10.0.2-r4 componentType: apk componentLocation: /.PKGINFO scanner: grype - - id: CGA-85fg-mp4w-g52f + - id: CGA-v23c-37pf-v6xw aliases: - - CVE-2024-20945 - - GHSA-qj64-r5h2-w6f9 + - CVE-2024-21068 + - GHSA-q4c6-w389-xqq6 events: - - timestamp: 2024-04-13T07:42:34Z + - timestamp: 2024-04-19T13:09:09Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-10-demos - componentID: 2817ff019ab111ef - componentName: openjdk-10-demos + subpackageName: openjdk-10-doc + componentID: 1dcdbfaef83f18d0 + componentName: openjdk-10-doc componentVersion: 10.0.2-r4 componentType: apk componentLocation: /.PKGINFO @@ -292,24 +333,6 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-q8qx-j943-3vgq - aliases: - - CVE-2024-21011 - - GHSA-7qqv-8pwc-x4xc - events: - - timestamp: 2024-04-19T13:09:05Z - type: detection - data: - type: scan/v1 - data: - subpackageName: openjdk-10-doc - componentID: 1dcdbfaef83f18d0 - componentName: openjdk-10-doc - componentVersion: 10.0.2-r4 - componentType: apk - componentLocation: /.PKGINFO - scanner: grype - - id: CGA-wcmw-97v5-xh38 aliases: - CVE-2024-21012 
@@ -328,55 +351,37 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-v23c-37pf-v6xw - aliases: - - CVE-2024-21068 - - GHSA-q4c6-w389-xqq6 - events: - - timestamp: 2024-04-19T13:09:09Z - type: detection - data: - type: scan/v1 - data: - subpackageName: openjdk-10-doc - componentID: 1dcdbfaef83f18d0 - componentName: openjdk-10-doc - componentVersion: 10.0.2-r4 - componentType: apk - componentLocation: /.PKGINFO - scanner: grype - - - id: CGA-3c74-2v6w-g9p4 + - id: CGA-wfxh-c4fv-4383 aliases: - - CVE-2024-21085 - - GHSA-273j-fjrx-gf2f + - CVE-2023-21967 + - GHSA-wg7x-fvjp-r3fx events: - - timestamp: 2024-04-19T13:09:12Z + - timestamp: 2024-03-31T13:38:54Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-10-doc - componentID: 1dcdbfaef83f18d0 - componentName: openjdk-10-doc + subpackageName: openjdk-10-demos + componentID: 2817ff019ab111ef + componentName: openjdk-10-demos componentVersion: 10.0.2-r4 componentType: apk componentLocation: /.PKGINFO scanner: grype - - id: CGA-5r87-8qp7-jmrv + - id: CGA-x553-263x-w5r4 aliases: - - CVE-2024-21094 - - GHSA-g3wm-f7gr-3fwh + - CVE-2023-21930 + - GHSA-4j35-7cr4-3mc8 events: - - timestamp: 2024-04-19T13:09:14Z + - timestamp: 2024-03-31T13:27:52Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-10-doc - componentID: 1dcdbfaef83f18d0 - componentName: openjdk-10-doc + subpackageName: openjdk-10-demos + componentID: 2817ff019ab111ef + componentName: openjdk-10-demos componentVersion: 10.0.2-r4 componentType: apk componentLocation: /.PKGINFO diff --git a/openjdk-11.advisories.yaml b/openjdk-11.advisories.yaml index e924ee81a..8a0548833 100644 --- a/openjdk-11.advisories.yaml +++ b/openjdk-11.advisories.yaml 
@@ -21,6 +21,11 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-06-05T12:28:07Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. - id: CGA-4v82-53j9-9r9q aliases: @@ -32,42 +37,42 @@ advisories: data: fixed-version: 11.0.23-r0 - - id: CGA-ffm4-8jj3-39xw + - id: CGA-73g2-v22h-jx69 aliases: - - CVE-2024-21012 - - GHSA-ccmh-gwpx-35xj + - CVE-2024-21085 + - GHSA-273j-fjrx-gf2f events: - timestamp: 2024-04-19T07:20:00Z type: fixed data: fixed-version: 11.0.23-r0 - - id: CGA-v333-j54p-w387 + - id: CGA-f5w4-73pp-wcxj aliases: - - CVE-2024-21068 - - GHSA-q4c6-w389-xqq6 + - CVE-2024-21094 + - GHSA-g3wm-f7gr-3fwh events: - - timestamp: 2024-04-19T07:20:01Z + - timestamp: 2024-04-19T07:20:02Z type: fixed data: fixed-version: 11.0.23-r0 - - id: CGA-73g2-v22h-jx69 + - id: CGA-ffm4-8jj3-39xw aliases: - - CVE-2024-21085 - - GHSA-273j-fjrx-gf2f + - CVE-2024-21012 + - GHSA-ccmh-gwpx-35xj events: - timestamp: 2024-04-19T07:20:00Z type: fixed data: fixed-version: 11.0.23-r0 - - id: CGA-f5w4-73pp-wcxj + - id: CGA-v333-j54p-w387 aliases: - - CVE-2024-21094 - - GHSA-g3wm-f7gr-3fwh + - CVE-2024-21068 + - GHSA-q4c6-w389-xqq6 events: - - timestamp: 2024-04-19T07:20:02Z + - timestamp: 2024-04-19T07:20:01Z type: fixed data: fixed-version: 11.0.23-r0 diff --git a/openjdk-12.advisories.yaml b/openjdk-12.advisories.yaml index 6cebbb02e..69595288c 100644 --- a/openjdk-12.advisories.yaml +++ b/openjdk-12.advisories.yaml @@ -4,12 +4,12 @@ package: name: openjdk-12 advisories: - - id: CGA-mc5f-2r2g-664c + - id: CGA-4m7f-x5rf-7hp5 aliases: - - CVE-2023-21930 - - GHSA-4j35-7cr4-3mc8 + - CVE-2023-21939 + - GHSA-xfrf-5cgw-f964 events: - - timestamp: 2024-04-05T07:42:44Z + - timestamp: 2024-04-05T07:44:00Z type: detection data: type: scan/v1 
@@ -22,12 +22,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-8xcc-wj36-grc9 + - id: CGA-7f27-vg24-rjj5 aliases: - - CVE-2023-21937 - - GHSA-vr26-5f5w-r829 + - CVE-2024-20952 + - GHSA-343v-9ccv-7535 events: - - timestamp: 2024-04-05T07:43:35Z + - timestamp: 2024-04-05T07:48:33Z type: detection data: type: scan/v1 @@ -40,12 +40,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-vg74-c9p6-rch7 + - id: CGA-8gvm-6q43-m452 aliases: - - CVE-2023-21938 - - GHSA-9pqg-44mx-r5gr + - CVE-2023-25193 + - GHSA-v8ff-vmc3-wr4m events: - - timestamp: 2024-04-05T07:43:45Z + - timestamp: 2024-04-05T07:46:48Z type: detection data: type: scan/v1 @@ -58,12 +58,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-4m7f-x5rf-7hp5 + - id: CGA-8xcc-wj36-grc9 aliases: - - CVE-2023-21939 - - GHSA-xfrf-5cgw-f964 + - CVE-2023-21937 + - GHSA-vr26-5f5w-r829 events: - - timestamp: 2024-04-05T07:44:00Z + - timestamp: 2024-04-05T07:43:35Z type: detection data: type: scan/v1 
@@ -76,30 +76,30 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-m29x-f3qq-6884 + - id: CGA-fxgr-86x4-93p9 aliases: - - CVE-2023-21954 - - GHSA-8x3h-4f64-v6v6 + - CVE-2024-21012 + - GHSA-ccmh-gwpx-35xj events: - - timestamp: 2024-04-05T07:44:20Z + - timestamp: 2024-04-19T16:05:42Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-12-default-jdk - componentID: b89c941d8c7fcaaf - componentName: openjdk-12-default-jdk - componentVersion: 12.0.2.10-r2 - componentType: apk - componentLocation: /.PKGINFO + subpackageName: openjdk-12-jre-base + componentID: d89d05a9dc8a7763 + componentName: java + componentVersion: 12.0.2-internal+0-wolfi-r2 + componentType: binary + componentLocation: /usr/lib/jvm/java-12-openjdk/bin/java scanner: grype - - id: CGA-mwrv-7rw9-w5xq + - id: CGA-ggj8-ghf7-hp38 aliases: - - CVE-2023-21967 - - GHSA-wg7x-fvjp-r3fx + - CVE-2023-22041 + - GHSA-rgxf-494f-377c events: - - timestamp: 2024-04-05T07:44:46Z + - timestamp: 2024-04-05T07:45:51Z type: detection data: type: scan/v1 @@ -112,12 +112,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-v656-jrm7-545q + - id: CGA-m29x-f3qq-6884 aliases: - - CVE-2023-21968 - - GHSA-r6j2-4r52-mpg7 + - CVE-2023-21954 + - GHSA-8x3h-4f64-v6v6 events: - - timestamp: 2024-04-05T07:45:15Z + - timestamp: 2024-04-05T07:44:20Z type: detection data: type: scan/v1 @@ -130,12 +130,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-ggj8-ghf7-hp38 + - id: CGA-mc5f-2r2g-664c aliases: - - CVE-2023-22041 - - GHSA-rgxf-494f-377c + - CVE-2023-21930 + - GHSA-4j35-7cr4-3mc8 events: - - timestamp: 2024-04-05T07:45:51Z + - timestamp: 2024-04-05T07:42:44Z type: detection data: type: scan/v1 
@@ -148,12 +148,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-8gvm-6q43-m452 + - id: CGA-mwrv-7rw9-w5xq aliases: - - CVE-2023-25193 - - GHSA-v8ff-vmc3-wr4m + - CVE-2023-21967 + - GHSA-wg7x-fvjp-r3fx events: - - timestamp: 2024-04-05T07:46:48Z + - timestamp: 2024-04-05T07:44:46Z type: detection data: type: scan/v1 @@ -183,13 +183,18 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-06-05T12:28:21Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. - - id: CGA-7f27-vg24-rjj5 + - id: CGA-v656-jrm7-545q aliases: - - CVE-2024-20952 - - GHSA-343v-9ccv-7535 + - CVE-2023-21968 + - GHSA-r6j2-4r52-mpg7 events: - - timestamp: 2024-04-05T07:48:33Z + - timestamp: 2024-04-05T07:45:15Z type: detection data: type: scan/v1 @@ -202,20 +207,20 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-fxgr-86x4-93p9 + - id: CGA-vg74-c9p6-rch7 aliases: - - CVE-2024-21012 - - GHSA-ccmh-gwpx-35xj + - CVE-2023-21938 + - GHSA-9pqg-44mx-r5gr events: - - timestamp: 2024-04-19T16:05:42Z + - timestamp: 2024-04-05T07:43:45Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-12-jre-base - componentID: d89d05a9dc8a7763 - componentName: java - componentVersion: 12.0.2-internal+0-wolfi-r2 - componentType: binary - componentLocation: /usr/lib/jvm/java-12-openjdk/bin/java + subpackageName: openjdk-12-default-jdk + componentID: b89c941d8c7fcaaf + componentName: openjdk-12-default-jdk + componentVersion: 12.0.2.10-r2 + componentType: apk + componentLocation: /.PKGINFO scanner: grype diff --git a/openjdk-13.advisories.yaml b/openjdk-13.advisories.yaml index 3317c0a24..3a75151ce 100644 --- a/openjdk-13.advisories.yaml +++ b/openjdk-13.advisories.yaml 
@@ -4,12 +4,12 @@ package: name: openjdk-13 advisories: - - id: CGA-x53f-gwvv-jqqq + - id: CGA-3chm-f6fp-3gj4 aliases: - - CVE-2023-21930 - - GHSA-4j35-7cr4-3mc8 + - CVE-2024-20919 + - GHSA-vgxv-38wx-r77w events: - - timestamp: 2024-04-13T07:34:54Z + - timestamp: 2024-04-13T07:35:03Z type: detection data: type: scan/v1 @@ -22,30 +22,30 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-p6r6-rgfw-wjfc + - id: CGA-3wmm-g5vr-38c5 aliases: - - CVE-2023-21937 - - GHSA-vr26-5f5w-r829 + - CVE-2024-21011 + - GHSA-7qqv-8pwc-x4xc events: - - timestamp: 2024-04-13T07:34:54Z + - timestamp: 2024-04-19T13:34:23Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-13-default-jdk - componentID: c5a797af162c12af - componentName: openjdk-13-default-jdk + subpackageName: openjdk-13-jmods + componentID: 18530d8060d34702 + componentName: openjdk-13-jmods componentVersion: 13.0.14.5-r2 componentType: apk componentLocation: /.PKGINFO scanner: grype - - id: CGA-5wf7-c794-jvc4 + - id: CGA-4cr9-hmr3-x33c aliases: - - CVE-2023-21938 - - GHSA-9pqg-44mx-r5gr + - CVE-2024-20921 + - GHSA-hxqj-hr64-7vf7 events: - - timestamp: 2024-04-13T07:34:55Z + - timestamp: 2024-04-13T07:35:05Z type: detection data: type: scan/v1 
@@ -58,30 +58,30 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-f6f6-9p7f-pxg6 + - id: CGA-4v29-q5gx-qqpf aliases: - - CVE-2023-21939 - - GHSA-xfrf-5cgw-f964 + - CVE-2024-21012 + - GHSA-ccmh-gwpx-35xj events: - - timestamp: 2024-04-13T07:34:56Z + - timestamp: 2024-04-19T13:34:25Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-13-default-jdk - componentID: c5a797af162c12af - componentName: openjdk-13-default-jdk + subpackageName: openjdk-13-jmods + componentID: 18530d8060d34702 + componentName: openjdk-13-jmods componentVersion: 13.0.14.5-r2 componentType: apk componentLocation: /.PKGINFO scanner: grype - - id: CGA-g29g-46j3-99cf + - id: CGA-52fq-3hr9-8hh8 aliases: - - CVE-2023-21954 - - GHSA-8x3h-4f64-v6v6 + - CVE-2023-21968 + - GHSA-r6j2-4r52-mpg7 events: - - timestamp: 2024-04-13T07:34:56Z + - timestamp: 2024-04-13T07:34:58Z type: detection data: type: scan/v1 @@ -94,12 +94,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-98h6-cpxr-2pvp + - id: CGA-5wf7-c794-jvc4 aliases: - - CVE-2023-21967 - - GHSA-wg7x-fvjp-r3fx + - CVE-2023-21938 + - GHSA-9pqg-44mx-r5gr events: - - timestamp: 2024-04-13T07:34:57Z + - timestamp: 2024-04-13T07:34:55Z type: detection data: type: scan/v1 @@ -112,12 +112,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-52fq-3hr9-8hh8 + - id: CGA-82j8-jhp4-cxch aliases: - - CVE-2023-21968 - - GHSA-r6j2-4r52-mpg7 + - CVE-2024-20918 + - GHSA-45pc-2866-5hxx events: - - timestamp: 2024-04-13T07:34:58Z + - timestamp: 2024-04-13T07:35:02Z type: detection data: type: scan/v1 @@ -130,12 +130,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-vg54-p32r-5h98 + - id: CGA-8qvx-rpqp-4gpp aliases: - - CVE-2023-22041 - - GHSA-rgxf-494f-377c + - CVE-2023-25193 + - GHSA-v8ff-vmc3-wr4m events: - - timestamp: 2024-04-13T07:35:00Z + - timestamp: 2024-04-13T07:35:01Z type: detection data: type: scan/v1 
@@ -148,30 +148,30 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-8qvx-rpqp-4gpp + - id: CGA-8vfw-fhww-7h6v aliases: - - CVE-2023-25193 - - GHSA-v8ff-vmc3-wr4m + - CVE-2024-21068 + - GHSA-q4c6-w389-xqq6 events: - - timestamp: 2024-04-13T07:35:01Z + - timestamp: 2024-04-19T13:34:27Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-13-default-jdk - componentID: c5a797af162c12af - componentName: openjdk-13-default-jdk + subpackageName: openjdk-13-jmods + componentID: 18530d8060d34702 + componentName: openjdk-13-jmods componentVersion: 13.0.14.5-r2 componentType: apk componentLocation: /.PKGINFO scanner: grype - - id: CGA-82j8-jhp4-cxch + - id: CGA-8x9c-jmcv-hcjm aliases: - - CVE-2024-20918 - - GHSA-45pc-2866-5hxx + - CVE-2024-20945 + - GHSA-qj64-r5h2-w6f9 events: - - timestamp: 2024-04-13T07:35:02Z + - timestamp: 2024-04-13T07:35:06Z type: detection data: type: scan/v1 @@ -184,12 +184,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-3chm-f6fp-3gj4 + - id: CGA-974q-c4v2-9rw6 aliases: - - CVE-2024-20919 - - GHSA-vgxv-38wx-r77w + - CVE-2024-20952 + - GHSA-343v-9ccv-7535 events: - - timestamp: 2024-04-13T07:35:03Z + - timestamp: 2024-04-13T07:35:08Z type: detection data: type: scan/v1 @@ -202,12 +202,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-4cr9-hmr3-x33c + - id: CGA-98h6-cpxr-2pvp aliases: - - CVE-2024-20921 - - GHSA-hxqj-hr64-7vf7 + - CVE-2023-21967 + - GHSA-wg7x-fvjp-r3fx events: - - timestamp: 2024-04-13T07:35:05Z + - timestamp: 2024-04-13T07:34:57Z type: detection data: type: scan/v1 
@@ -220,30 +220,30 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-p74m-xf73-7g2j + - id: CGA-f6f6-9p7f-pxg6 aliases: - - CVE-2024-20932 - - GHSA-ccwc-jrj7-h4v6 + - CVE-2023-21939 + - GHSA-xfrf-5cgw-f964 events: - - timestamp: 2024-05-24T08:09:55Z + - timestamp: 2024-04-13T07:34:56Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-13 - componentID: 3d47c51e890e2c80 - componentName: openjdk-13 - componentVersion: 13.0.14.5-r3 + subpackageName: openjdk-13-default-jdk + componentID: c5a797af162c12af + componentName: openjdk-13-default-jdk + componentVersion: 13.0.14.5-r2 componentType: apk componentLocation: /.PKGINFO scanner: grype - - id: CGA-8x9c-jmcv-hcjm + - id: CGA-g29g-46j3-99cf aliases: - - CVE-2024-20945 - - GHSA-qj64-r5h2-w6f9 + - CVE-2023-21954 + - GHSA-8x3h-4f64-v6v6 events: - - timestamp: 2024-04-13T07:35:06Z + - timestamp: 2024-04-13T07:34:56Z type: detection data: type: scan/v1 @@ -256,12 +256,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-974q-c4v2-9rw6 + - id: CGA-p6r6-rgfw-wjfc aliases: - - CVE-2024-20952 - - GHSA-343v-9ccv-7535 + - CVE-2023-21937 + - GHSA-vr26-5f5w-r829 events: - - timestamp: 2024-04-13T07:35:08Z + - timestamp: 2024-04-13T07:34:54Z type: detection data: type: scan/v1 
@@ -274,48 +274,53 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-3wmm-g5vr-38c5 + - id: CGA-p74m-xf73-7g2j aliases: - - CVE-2024-21011 - - GHSA-7qqv-8pwc-x4xc + - CVE-2024-20932 + - GHSA-ccwc-jrj7-h4v6 events: - - timestamp: 2024-04-19T13:34:23Z + - timestamp: 2024-05-24T08:09:55Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-13-jmods - componentID: 18530d8060d34702 - componentName: openjdk-13-jmods - componentVersion: 13.0.14.5-r2 + subpackageName: openjdk-13 + componentID: 3d47c51e890e2c80 + componentName: openjdk-13 + componentVersion: 13.0.14.5-r3 componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-06-05T12:28:39Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. - - id: CGA-4v29-q5gx-qqpf + - id: CGA-vg54-p32r-5h98 aliases: - - CVE-2024-21012 - - GHSA-ccmh-gwpx-35xj + - CVE-2023-22041 + - GHSA-rgxf-494f-377c events: - - timestamp: 2024-04-19T13:34:25Z + - timestamp: 2024-04-13T07:35:00Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-13-jmods - componentID: 18530d8060d34702 - componentName: openjdk-13-jmods + subpackageName: openjdk-13-default-jdk + componentID: c5a797af162c12af + componentName: openjdk-13-default-jdk componentVersion: 13.0.14.5-r2 componentType: apk componentLocation: /.PKGINFO scanner: grype - - id: CGA-8vfw-fhww-7h6v + - id: CGA-wv5q-jf2p-4g45 aliases: - - CVE-2024-21068 - - GHSA-q4c6-w389-xqq6 + - CVE-2024-21094 + - GHSA-g3wm-f7gr-3fwh events: - - timestamp: 2024-04-19T13:34:27Z + - timestamp: 2024-04-19T13:34:29Z type: detection data: type: scan/v1 
@@ -328,19 +333,19 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-wv5q-jf2p-4g45 + - id: CGA-x53f-gwvv-jqqq aliases: - - CVE-2024-21094 - - GHSA-g3wm-f7gr-3fwh + - CVE-2023-21930 + - GHSA-4j35-7cr4-3mc8 events: - - timestamp: 2024-04-19T13:34:29Z + - timestamp: 2024-04-13T07:34:54Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-13-jmods - componentID: 18530d8060d34702 - componentName: openjdk-13-jmods + subpackageName: openjdk-13-default-jdk + componentID: c5a797af162c12af + componentName: openjdk-13-default-jdk componentVersion: 13.0.14.5-r2 componentType: apk componentLocation: /.PKGINFO diff --git a/openjdk-14.advisories.yaml b/openjdk-14.advisories.yaml index 2fe9f616e..fc9402640 100644 --- a/openjdk-14.advisories.yaml +++ b/openjdk-14.advisories.yaml @@ -4,12 +4,12 @@ package: name: openjdk-14 advisories: - - id: CGA-hqrx-r43x-2r2c + - id: CGA-2gvw-hjx3-v5fp aliases: - - CVE-2023-21930 - - GHSA-4j35-7cr4-3mc8 + - CVE-2023-21939 + - GHSA-xfrf-5cgw-f964 events: - - timestamp: 2024-03-31T02:41:35Z + - timestamp: 2024-03-31T02:55:33Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. 
@@ -24,32 +24,76 @@ advisories: data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-hx46-gv4f-2qrc + - id: CGA-42r6-p23j-6c2x aliases: - - CVE-2023-21938 - - GHSA-9pqg-44mx-r5gr + - CVE-2024-20952 + - GHSA-343v-9ccv-7535 events: - - timestamp: 2024-03-31T02:38:57Z + - timestamp: 2024-03-31T02:41:57Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-2gvw-hjx3-v5fp + - id: CGA-4r7x-wppq-c8vr aliases: - - CVE-2023-21939 - - GHSA-xfrf-5cgw-f964 + - CVE-2024-21012 + - GHSA-ccmh-gwpx-35xj events: - - timestamp: 2024-03-31T02:55:33Z - type: fix-not-planned + - timestamp: 2024-04-19T15:15:35Z + type: detection data: - note: OpenJDK 14 is no longer supported upstream. + type: scan/v1 + data: + subpackageName: openjdk-14-jre-base + componentID: 22d58af0d7a624a0 + componentName: java + componentVersion: 14.0.2-internal+0-wolfi-r3 + componentType: binary + componentLocation: /usr/lib/jvm/java-14-openjdk/bin/java + scanner: grype - - id: CGA-wxhv-wx7r-9x97 + - id: CGA-5jgh-xx22-pvr7 aliases: - - CVE-2023-21954 - - GHSA-8x3h-4f64-v6v6 + - CVE-2024-21011 + - GHSA-7qqv-8pwc-x4xc events: - - timestamp: 2024-03-31T02:55:50Z + - timestamp: 2024-04-19T15:15:32Z + type: detection + data: + type: scan/v1 + data: + subpackageName: openjdk-14-jre-base + componentID: 22d58af0d7a624a0 + componentName: java + componentVersion: 14.0.2-internal+0-wolfi-r3 + componentType: binary + componentLocation: /usr/lib/jvm/java-14-openjdk/bin/java + scanner: grype + + - id: CGA-829j-4v3w-vphp + aliases: + - CVE-2024-21068 + - GHSA-q4c6-w389-xqq6 + events: + - timestamp: 2024-04-19T15:15:37Z + type: detection + data: + type: scan/v1 + data: + subpackageName: openjdk-14-jre-base + componentID: 22d58af0d7a624a0 + componentName: java + componentVersion: 14.0.2-internal+0-wolfi-r3 + componentType: binary + componentLocation: /usr/lib/jvm/java-14-openjdk/bin/java + scanner: grype + + - id: CGA-8qw3-g7jv-pff5 + aliases: + - CVE-2023-25193 + - 
GHSA-v8ff-vmc3-wr4m + events: + - timestamp: 2024-03-31T02:54:43Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. @@ -64,42 +108,60 @@ advisories: data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-jh28-rwp8-hwrg + - id: CGA-gj5w-6fcc-2jgh aliases: - - CVE-2023-21968 - - GHSA-r6j2-4r52-mpg7 + - CVE-2024-21094 + - GHSA-g3wm-f7gr-3fwh events: - - timestamp: 2024-03-31T02:40:36Z + - timestamp: 2024-04-19T15:15:38Z + type: detection + data: + type: scan/v1 + data: + subpackageName: openjdk-14-jre-base + componentID: 22d58af0d7a624a0 + componentName: java + componentVersion: 14.0.2-internal+0-wolfi-r3 + componentType: binary + componentLocation: /usr/lib/jvm/java-14-openjdk/bin/java + scanner: grype + + - id: CGA-hqrx-r43x-2r2c + aliases: + - CVE-2023-21930 + - GHSA-4j35-7cr4-3mc8 + events: + - timestamp: 2024-03-31T02:41:35Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-rv82-rfvg-64qj + - id: CGA-hx46-gv4f-2qrc aliases: - - CVE-2023-22041 - - GHSA-rgxf-494f-377c + - CVE-2023-21938 + - GHSA-9pqg-44mx-r5gr events: - - timestamp: 2024-03-31T02:55:09Z + - timestamp: 2024-03-31T02:38:57Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-8qw3-g7jv-pff5 + - id: CGA-jh28-rwp8-hwrg aliases: - - CVE-2023-25193 - - GHSA-v8ff-vmc3-wr4m + - CVE-2023-21968 + - GHSA-r6j2-4r52-mpg7 events: - - timestamp: 2024-03-31T02:54:43Z + - timestamp: 2024-03-31T02:40:36Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-qwq6-5h8c-9m5x + - id: CGA-pc5w-8frh-wwrg aliases: - - CVE-2024-20918 - - GHSA-45pc-2866-5hxx + - CVE-2024-20921 + - GHSA-hxqj-hr64-7vf7 events: - - timestamp: 2024-04-13T09:26:00Z + - timestamp: 2024-04-13T09:26:03Z type: detection data: type: scan/v1 
@@ -111,7 +173,7 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype - - timestamp: 2024-04-15T09:45:23Z + - timestamp: 2024-04-15T09:44:33Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. @@ -138,12 +200,12 @@ advisories: data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-pc5w-8frh-wwrg + - id: CGA-qwq6-5h8c-9m5x aliases: - - CVE-2024-20921 - - GHSA-hxqj-hr64-7vf7 + - CVE-2024-20918 + - GHSA-45pc-2866-5hxx events: - - timestamp: 2024-04-13T09:26:03Z + - timestamp: 2024-04-13T09:26:00Z type: detection data: type: scan/v1 @@ -155,29 +217,11 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype - - timestamp: 2024-04-15T09:44:33Z + - timestamp: 2024-04-15T09:45:23Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-x929-j5hp-m894 - aliases: - - CVE-2024-20932 - - GHSA-ccwc-jrj7-h4v6 - events: - - timestamp: 2024-05-24T08:14:16Z - type: detection - data: - type: scan/v1 - data: - subpackageName: openjdk-14 - componentID: 4067cce3b5b77188 - componentName: openjdk-14 - componentVersion: 14.0.2.12-r5 - componentType: apk - componentLocation: /.PKGINFO - scanner: grype - - id: CGA-rc44-238m-xc76 aliases: - CVE-2024-20945 
@@ -200,84 +244,45 @@ advisories: data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-42r6-p23j-6c2x + - id: CGA-rv82-rfvg-64qj aliases: - - CVE-2024-20952 - - GHSA-343v-9ccv-7535 + - CVE-2023-22041 + - GHSA-rgxf-494f-377c events: - - timestamp: 2024-03-31T02:41:57Z + - timestamp: 2024-03-31T02:55:09Z type: fix-not-planned data: note: OpenJDK 14 is no longer supported upstream. - - id: CGA-5jgh-xx22-pvr7 - aliases: - - CVE-2024-21011 - - GHSA-7qqv-8pwc-x4xc - events: - - timestamp: 2024-04-19T15:15:32Z - type: detection - data: - type: scan/v1 - data: - subpackageName: openjdk-14-jre-base - componentID: 22d58af0d7a624a0 - componentName: java - componentVersion: 14.0.2-internal+0-wolfi-r3 - componentType: binary - componentLocation: /usr/lib/jvm/java-14-openjdk/bin/java - scanner: grype - - - id: CGA-4r7x-wppq-c8vr + - id: CGA-wxhv-wx7r-9x97 aliases: - - CVE-2024-21012 - - GHSA-ccmh-gwpx-35xj + - CVE-2023-21954 + - GHSA-8x3h-4f64-v6v6 events: - - timestamp: 2024-04-19T15:15:35Z - type: detection + - timestamp: 2024-03-31T02:55:50Z + type: fix-not-planned data: - type: scan/v1 - data: - subpackageName: openjdk-14-jre-base - componentID: 22d58af0d7a624a0 - componentName: java - componentVersion: 14.0.2-internal+0-wolfi-r3 - componentType: binary - componentLocation: /usr/lib/jvm/java-14-openjdk/bin/java - scanner: grype + note: OpenJDK 14 is no longer supported upstream. 
- - id: CGA-829j-4v3w-vphp + - id: CGA-x929-j5hp-m894 aliases: - - CVE-2024-21068 - - GHSA-q4c6-w389-xqq6 + - CVE-2024-20932 + - GHSA-ccwc-jrj7-h4v6 events: - - timestamp: 2024-04-19T15:15:37Z + - timestamp: 2024-05-24T08:14:16Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-14-jre-base - componentID: 22d58af0d7a624a0 - componentName: java - componentVersion: 14.0.2-internal+0-wolfi-r3 - componentType: binary - componentLocation: /usr/lib/jvm/java-14-openjdk/bin/java + subpackageName: openjdk-14 + componentID: 4067cce3b5b77188 + componentName: openjdk-14 + componentVersion: 14.0.2.12-r5 + componentType: apk + componentLocation: /.PKGINFO scanner: grype - - - id: CGA-gj5w-6fcc-2jgh - aliases: - - CVE-2024-21094 - - GHSA-g3wm-f7gr-3fwh - events: - - timestamp: 2024-04-19T15:15:38Z - type: detection + - timestamp: 2024-06-05T12:28:57Z + type: false-positive-determination data: - type: scan/v1 - data: - subpackageName: openjdk-14-jre-base - componentID: 22d58af0d7a624a0 - componentName: java - componentVersion: 14.0.2-internal+0-wolfi-r3 - componentType: binary - componentLocation: /usr/lib/jvm/java-14-openjdk/bin/java - scanner: grype + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. diff --git a/openjdk-15.advisories.yaml b/openjdk-15.advisories.yaml index 8a6ad3395..22f53aba1 100644 --- a/openjdk-15.advisories.yaml +++ b/openjdk-15.advisories.yaml 
@@ -14,52 +14,32 @@ advisories: data: note: OpenJDK 15 is no longer supported upstream. - - id: CGA-cxc7-c386-jwx5 - aliases: - - CVE-2023-21937 - - GHSA-vr26-5f5w-r829 - events: - - timestamp: 2024-03-31T02:41:10Z - type: fix-not-planned - data: - note: OpenJDK 15 is no longer supported upstream. - - - id: CGA-7mw5-55mq-g7f8 - aliases: - - CVE-2023-21938 - - GHSA-9pqg-44mx-r5gr - events: - - timestamp: 2024-03-31T02:38:57Z - type: fix-not-planned - data: - note: OpenJDK 15 is no longer supported upstream. - - - id: CGA-8g97-5p24-c3x2 + - id: CGA-4m5m-7mmw-26xx aliases: - - CVE-2023-21939 - - GHSA-xfrf-5cgw-f964 + - CVE-2023-25193 + - GHSA-v8ff-vmc3-wr4m events: - - timestamp: 2024-03-31T02:55:33Z + - timestamp: 2024-03-31T02:54:43Z type: fix-not-planned data: note: OpenJDK 15 is no longer supported upstream. - - id: CGA-859c-fhpv-wwgm + - id: CGA-573v-3j3f-wrrm aliases: - - CVE-2023-21954 - - GHSA-8x3h-4f64-v6v6 + - CVE-2023-21967 + - GHSA-wg7x-fvjp-r3fx events: - - timestamp: 2024-03-31T02:55:50Z + - timestamp: 2024-03-31T02:55:00Z type: fix-not-planned data: note: OpenJDK 15 is no longer supported upstream. - - id: CGA-573v-3j3f-wrrm + - id: CGA-7mw5-55mq-g7f8 aliases: - - CVE-2023-21967 - - GHSA-wg7x-fvjp-r3fx + - CVE-2023-21938 + - GHSA-9pqg-44mx-r5gr events: - - timestamp: 2024-03-31T02:55:00Z + - timestamp: 2024-03-31T02:38:57Z type: fix-not-planned data: note: OpenJDK 15 is no longer supported upstream. 
@@ -74,54 +54,50 @@ advisories: data: note: OpenJDK 15 is no longer supported upstream. - - id: CGA-p95x-mf8j-49fm + - id: CGA-859c-fhpv-wwgm aliases: - - CVE-2023-22041 - - GHSA-rgxf-494f-377c + - CVE-2023-21954 + - GHSA-8x3h-4f64-v6v6 events: - - timestamp: 2024-03-31T02:55:09Z + - timestamp: 2024-03-31T02:55:50Z type: fix-not-planned data: note: OpenJDK 15 is no longer supported upstream. - - id: CGA-4m5m-7mmw-26xx + - id: CGA-8g97-5p24-c3x2 aliases: - - CVE-2023-25193 - - GHSA-v8ff-vmc3-wr4m + - CVE-2023-21939 + - GHSA-xfrf-5cgw-f964 events: - - timestamp: 2024-03-31T02:54:43Z + - timestamp: 2024-03-31T02:55:33Z type: fix-not-planned data: note: OpenJDK 15 is no longer supported upstream. - - id: CGA-q99x-j2w7-cr2j + - id: CGA-8grq-95rf-2hp6 aliases: - - CVE-2024-20918 - - GHSA-45pc-2866-5hxx + - CVE-2024-21012 + - GHSA-ccmh-gwpx-35xj events: - - timestamp: 2024-04-13T07:12:49Z + - timestamp: 2024-04-19T11:12:17Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-15-default-jdk - componentID: 877dde9acd774075 - componentName: openjdk-15-default-jdk + subpackageName: openjdk-15-jre + componentID: 392fc4969272d959 + componentName: openjdk-15-jre componentVersion: 15.0.10.5-r3 componentType: apk componentLocation: /.PKGINFO scanner: grype - - timestamp: 2024-04-15T09:49:17Z - type: fix-not-planned - data: - note: OpenJDK 15 is no longer supported upstream. - - id: CGA-f533-rgwp-ggw3 + - id: CGA-8mfh-gq8j-c8ff aliases: - - CVE-2024-20919 - - GHSA-vgxv-38wx-r77w + - CVE-2024-20921 + - GHSA-hxqj-hr64-7vf7 events: - - timestamp: 2024-04-13T07:12:50Z + - timestamp: 2024-04-13T07:12:52Z type: detection data: type: scan/v1 
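Review bot: After the re-sort, CGA-8grq-95rf-2hp6 (CVE-2024-21012) carries only a `detection` event, while the entries around it in this hunk close with `type: fix-not-planned` and the note that OpenJDK 15 is no longer supported upstream. If the same policy applies to it, the entry should get a matching closing event, `- timestamp: <triage time>` / `type: fix-not-planned` / `note: OpenJDK 15 is no longer supported upstream.`, so that the open finding is not read as untriaged. CGA-m746-pqf6-r9mf and CGA-r2jw-q8hm-7qmx in later hunks of this file appear to be in the same state. The last entry of this hunk, CGA-8mfh-gq8j-c8ff, continues past its end.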
@@ -133,17 +109,27 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype - - timestamp: 2024-04-15T09:49:38Z + - timestamp: 2024-04-15T09:49:49Z type: fix-not-planned data: note: OpenJDK 15 is no longer supported upstream. - - id: CGA-8mfh-gq8j-c8ff + - id: CGA-cxc7-c386-jwx5 aliases: - - CVE-2024-20921 - - GHSA-hxqj-hr64-7vf7 + - CVE-2023-21937 + - GHSA-vr26-5f5w-r829 events: - - timestamp: 2024-04-13T07:12:52Z + - timestamp: 2024-03-31T02:41:10Z + type: fix-not-planned + data: + note: OpenJDK 15 is no longer supported upstream. + + - id: CGA-f533-rgwp-ggw3 + aliases: + - CVE-2024-20919 + - GHSA-vgxv-38wx-r77w + events: + - timestamp: 2024-04-13T07:12:50Z type: detection data: type: scan/v1 @@ -155,7 +141,7 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype - - timestamp: 2024-04-15T09:49:49Z + - timestamp: 2024-04-15T09:49:38Z type: fix-not-planned data: note: OpenJDK 15 is no longer supported upstream. 
@@ -177,35 +163,36 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-06-05T12:29:43Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. - - id: CGA-qvxc-rh35-4p32 + - id: CGA-m746-pqf6-r9mf aliases: - - CVE-2024-20945 - - GHSA-qj64-r5h2-w6f9 + - CVE-2024-21094 + - GHSA-g3wm-f7gr-3fwh events: - - timestamp: 2024-04-13T07:12:53Z + - timestamp: 2024-04-19T11:12:21Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-15-default-jdk - componentID: 877dde9acd774075 - componentName: openjdk-15-default-jdk + subpackageName: openjdk-15-jre + componentID: 392fc4969272d959 + componentName: openjdk-15-jre componentVersion: 15.0.10.5-r3 componentType: apk componentLocation: /.PKGINFO scanner: grype - - timestamp: 2024-04-15T09:50:08Z - type: fix-not-planned - data: - note: OpenJDK 15 is no longer supported upstream. - - id: CGA-vhfm-7c4p-2whh + - id: CGA-p95x-mf8j-49fm aliases: - - CVE-2024-20952 - - GHSA-343v-9ccv-7535 + - CVE-2023-22041 + - GHSA-rgxf-494f-377c events: - - timestamp: 2024-03-31T02:41:57Z + - timestamp: 2024-03-31T02:55:09Z type: fix-not-planned data: note: OpenJDK 15 is no longer supported upstream. 
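Review bot: The added `false-positive-determination` event rests only on how the NVD record lists affected versions, which is thin evidence for a release line that this same file describes as no longer supported upstream: affected-version lists usually cover supported releases only, so not being listed does not by itself show that the code is absent. Consumers of the advisory data can be expected to stop reporting the CVE for this package once the event is present, so the note should record what was actually checked, for example `note: Upstream lists only 17.0.9 as affected; <how absence of the affected code in this release was confirmed>.` The advisory this event is appended to begins above the hunk, so its CVE is not visible here. The identical event is added under CVE-2024-20932 in the openjdk-16 hunk `@@ -54,52 +24,63 @@` and the openjdk-9 hunk `@@ -274,12 +256,35 @@`, and without a visible id in the openjdk-7 hunk `@@ -183,6 +183,11 @@` and the openjdk-8 hunk `@@ -206,13 +218,18 @@`.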
@@ -228,48 +215,56 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-8grq-95rf-2hp6 + - id: CGA-q99x-j2w7-cr2j aliases: - - CVE-2024-21012 - - GHSA-ccmh-gwpx-35xj + - CVE-2024-20918 + - GHSA-45pc-2866-5hxx events: - - timestamp: 2024-04-19T11:12:17Z + - timestamp: 2024-04-13T07:12:49Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-15-jre - componentID: 392fc4969272d959 - componentName: openjdk-15-jre + subpackageName: openjdk-15-default-jdk + componentID: 877dde9acd774075 + componentName: openjdk-15-default-jdk componentVersion: 15.0.10.5-r3 componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-04-15T09:49:17Z + type: fix-not-planned + data: + note: OpenJDK 15 is no longer supported upstream. - - id: CGA-r2jw-q8hm-7qmx + - id: CGA-qvxc-rh35-4p32 aliases: - - CVE-2024-21068 - - GHSA-q4c6-w389-xqq6 + - CVE-2024-20945 + - GHSA-qj64-r5h2-w6f9 events: - - timestamp: 2024-04-19T11:12:19Z + - timestamp: 2024-04-13T07:12:53Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-15-jre - componentID: 392fc4969272d959 - componentName: openjdk-15-jre + subpackageName: openjdk-15-default-jdk + componentID: 877dde9acd774075 + componentName: openjdk-15-default-jdk componentVersion: 15.0.10.5-r3 componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-04-15T09:50:08Z + type: fix-not-planned + data: + note: OpenJDK 15 is no longer supported upstream. - - id: CGA-m746-pqf6-r9mf + - id: CGA-r2jw-q8hm-7qmx aliases: - - CVE-2024-21094 - - GHSA-g3wm-f7gr-3fwh + - CVE-2024-21068 + - GHSA-q4c6-w389-xqq6 events: - - timestamp: 2024-04-19T11:12:21Z + - timestamp: 2024-04-19T11:12:19Z type: detection data: type: scan/v1 
@@ -281,3 +276,13 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype + + - id: CGA-vhfm-7c4p-2whh + aliases: + - CVE-2024-20952 + - GHSA-343v-9ccv-7535 + events: + - timestamp: 2024-03-31T02:41:57Z + type: fix-not-planned + data: + note: OpenJDK 15 is no longer supported upstream. diff --git a/openjdk-16.advisories.yaml b/openjdk-16.advisories.yaml index 5f23f9252..f0c237dc3 100644 --- a/openjdk-16.advisories.yaml +++ b/openjdk-16.advisories.yaml @@ -4,42 +4,12 @@ package: name: openjdk-16 advisories: - - id: CGA-gjgm-5hqf-4qcg - aliases: - - CVE-2023-21930 - - GHSA-4j35-7cr4-3mc8 - events: - - timestamp: 2024-03-31T02:41:35Z - type: fix-not-planned - data: - note: OpenJDK 16 is no longer supported upstream. - - - id: CGA-v4rx-wrhf-gw83 - aliases: - - CVE-2023-21937 - - GHSA-vr26-5f5w-r829 - events: - - timestamp: 2024-03-31T02:41:10Z - type: fix-not-planned - data: - note: OpenJDK 16 is no longer supported upstream. - - - id: CGA-vwhm-6g44-r477 - aliases: - - CVE-2023-21938 - - GHSA-9pqg-44mx-r5gr - events: - - timestamp: 2024-03-31T02:38:57Z - type: fix-not-planned - data: - note: OpenJDK 16 is no longer supported upstream. - - - id: CGA-49v7-m3q8-q2v7 + - id: CGA-3gxm-h4h7-fw22 aliases: - - CVE-2023-21939 - - GHSA-xfrf-5cgw-f964 + - CVE-2023-21967 + - GHSA-wg7x-fvjp-r3fx events: - - timestamp: 2024-03-31T02:55:33Z + - timestamp: 2024-03-31T02:55:00Z type: fix-not-planned data: note: OpenJDK 16 is no longer supported upstream. 
@@ -54,52 +24,63 @@ advisories: data: note: OpenJDK 16 is no longer supported upstream. - - id: CGA-3gxm-h4h7-fw22 + - id: CGA-49v7-m3q8-q2v7 aliases: - - CVE-2023-21967 - - GHSA-wg7x-fvjp-r3fx + - CVE-2023-21939 + - GHSA-xfrf-5cgw-f964 events: - - timestamp: 2024-03-31T02:55:00Z + - timestamp: 2024-03-31T02:55:33Z type: fix-not-planned data: note: OpenJDK 16 is no longer supported upstream. - - id: CGA-v76x-xh6c-57xq + - id: CGA-6hx7-6w3p-7824 aliases: - - CVE-2023-21968 - - GHSA-r6j2-4r52-mpg7 + - CVE-2024-20932 + - GHSA-ccwc-jrj7-h4v6 events: - - timestamp: 2024-03-31T02:40:36Z - type: fix-not-planned + - timestamp: 2024-05-24T08:13:36Z + type: detection data: - note: OpenJDK 16 is no longer supported upstream. - - - id: CGA-w823-88hj-m77c - aliases: - - CVE-2023-22041 - - GHSA-rgxf-494f-377c - events: - - timestamp: 2024-03-31T02:55:09Z - type: fix-not-planned + type: scan/v1 + data: + subpackageName: openjdk-16 + componentID: 3f7e17e515351b4d + componentName: openjdk-16 + componentVersion: 16.0.2.7-r5 + componentType: apk + componentLocation: /.PKGINFO + scanner: grype + - timestamp: 2024-06-05T12:30:02Z + type: false-positive-determination data: - note: OpenJDK 16 is no longer supported upstream. + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. - - id: CGA-r8q6-rj77-56qj + - id: CGA-726q-pm25-jjgc aliases: - - CVE-2023-25193 - - GHSA-v8ff-vmc3-wr4m + - CVE-2024-21012 + - GHSA-ccmh-gwpx-35xj events: - - timestamp: 2024-03-31T02:54:43Z - type: fix-not-planned + - timestamp: 2024-04-19T13:03:32Z + type: detection data: - note: OpenJDK 16 is no longer supported upstream. 
+ type: scan/v1 + data: + subpackageName: openjdk-16 + componentID: 8815c3ad6a30b005 + componentName: openjdk-16 + componentVersion: 16.0.2.7-r3 + componentType: apk + componentLocation: /.PKGINFO + scanner: grype - - id: CGA-7624-2v8v-5vg7 + - id: CGA-72h6-cc9f-fr5q aliases: - - CVE-2024-20918 - - GHSA-45pc-2866-5hxx + - CVE-2024-20919 + - GHSA-vgxv-38wx-r77w events: - - timestamp: 2024-04-13T09:27:07Z + - timestamp: 2024-04-13T09:27:08Z type: detection data: type: scan/v1 @@ -111,17 +92,17 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype - - timestamp: 2024-04-15T09:51:50Z + - timestamp: 2024-04-15T09:51:35Z type: fix-not-planned data: note: OpenJDK 16 is no longer supported upstream. - - id: CGA-72h6-cc9f-fr5q + - id: CGA-7624-2v8v-5vg7 aliases: - - CVE-2024-20919 - - GHSA-vgxv-38wx-r77w + - CVE-2024-20918 + - GHSA-45pc-2866-5hxx events: - - timestamp: 2024-04-13T09:27:08Z + - timestamp: 2024-04-13T09:27:07Z type: detection data: type: scan/v1 @@ -133,7 +114,7 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype - - timestamp: 2024-04-15T09:51:35Z + - timestamp: 2024-04-15T09:51:50Z type: fix-not-planned data: note: OpenJDK 16 is no longer supported upstream. 
@@ -160,20 +141,40 @@ advisories: data: note: OpenJDK 16 is no longer supported upstream. - - id: CGA-6hx7-6w3p-7824 + - id: CGA-gjgm-5hqf-4qcg aliases: - - CVE-2024-20932 - - GHSA-ccwc-jrj7-h4v6 + - CVE-2023-21930 + - GHSA-4j35-7cr4-3mc8 events: - - timestamp: 2024-05-24T08:13:36Z + - timestamp: 2024-03-31T02:41:35Z + type: fix-not-planned + data: + note: OpenJDK 16 is no longer supported upstream. + + - id: CGA-px84-hwgp-hm88 + aliases: + - CVE-2024-20952 + - GHSA-343v-9ccv-7535 + events: + - timestamp: 2024-03-31T02:41:57Z + type: fix-not-planned + data: + note: OpenJDK 16 is no longer supported upstream. + + - id: CGA-qx82-qhjp-v627 + aliases: + - CVE-2024-21068 + - GHSA-q4c6-w389-xqq6 + events: + - timestamp: 2024-04-19T13:03:35Z type: detection data: type: scan/v1 data: subpackageName: openjdk-16 - componentID: 3f7e17e515351b4d + componentID: 8815c3ad6a30b005 componentName: openjdk-16 - componentVersion: 16.0.2.7-r5 + componentVersion: 16.0.2.7-r3 componentType: apk componentLocation: /.PKGINFO scanner: grype @@ -200,22 +201,22 @@ advisories: data: note: OpenJDK 16 is no longer supported upstream. - - id: CGA-px84-hwgp-hm88 + - id: CGA-r8q6-rj77-56qj aliases: - - CVE-2024-20952 - - GHSA-343v-9ccv-7535 + - CVE-2023-25193 + - GHSA-v8ff-vmc3-wr4m events: - - timestamp: 2024-03-31T02:41:57Z + - timestamp: 2024-03-31T02:54:43Z type: fix-not-planned data: note: OpenJDK 16 is no longer supported upstream. - - id: CGA-xxf2-5cmf-w42c + - id: CGA-rfwp-26m4-mwp7 aliases: - - CVE-2024-21011 - - GHSA-7qqv-8pwc-x4xc + - CVE-2024-21094 + - GHSA-g3wm-f7gr-3fwh events: - - timestamp: 2024-04-19T13:03:30Z + - timestamp: 2024-04-19T13:03:37Z type: detection data: type: scan/v1 
@@ -228,48 +229,52 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-726q-pm25-jjgc + - id: CGA-v4rx-wrhf-gw83 aliases: - - CVE-2024-21012 - - GHSA-ccmh-gwpx-35xj + - CVE-2023-21937 + - GHSA-vr26-5f5w-r829 events: - - timestamp: 2024-04-19T13:03:32Z - type: detection + - timestamp: 2024-03-31T02:41:10Z + type: fix-not-planned data: - type: scan/v1 - data: - subpackageName: openjdk-16 - componentID: 8815c3ad6a30b005 - componentName: openjdk-16 - componentVersion: 16.0.2.7-r3 - componentType: apk - componentLocation: /.PKGINFO - scanner: grype + note: OpenJDK 16 is no longer supported upstream. - - id: CGA-qx82-qhjp-v627 + - id: CGA-v76x-xh6c-57xq aliases: - - CVE-2024-21068 - - GHSA-q4c6-w389-xqq6 + - CVE-2023-21968 + - GHSA-r6j2-4r52-mpg7 events: - - timestamp: 2024-04-19T13:03:35Z - type: detection + - timestamp: 2024-03-31T02:40:36Z + type: fix-not-planned data: - type: scan/v1 - data: - subpackageName: openjdk-16 - componentID: 8815c3ad6a30b005 - componentName: openjdk-16 - componentVersion: 16.0.2.7-r3 - componentType: apk - componentLocation: /.PKGINFO - scanner: grype + note: OpenJDK 16 is no longer supported upstream. - - id: CGA-rfwp-26m4-mwp7 + - id: CGA-vwhm-6g44-r477 aliases: - - CVE-2024-21094 - - GHSA-g3wm-f7gr-3fwh + - CVE-2023-21938 + - GHSA-9pqg-44mx-r5gr events: - - timestamp: 2024-04-19T13:03:37Z + - timestamp: 2024-03-31T02:38:57Z + type: fix-not-planned + data: + note: OpenJDK 16 is no longer supported upstream. + + - id: CGA-w823-88hj-m77c + aliases: + - CVE-2023-22041 + - GHSA-rgxf-494f-377c + events: + - timestamp: 2024-03-31T02:55:09Z + type: fix-not-planned + data: + note: OpenJDK 16 is no longer supported upstream. + + - id: CGA-xxf2-5cmf-w42c + aliases: + - CVE-2024-21011 + - GHSA-7qqv-8pwc-x4xc + events: + - timestamp: 2024-04-19T13:03:30Z type: detection data: type: scan/v1 diff --git a/openjdk-7.advisories.yaml b/openjdk-7.advisories.yaml index 6858bdc8d..6db452ad3 100644 --- a/openjdk-7.advisories.yaml 
+++ b/openjdk-7.advisories.yaml @@ -183,6 +183,11 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-06-05T12:24:45Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. - id: CGA-824g-cf4x-phj9 aliases: diff --git a/openjdk-8.advisories.yaml b/openjdk-8.advisories.yaml index 79d827ed1..9fd9e77c5 100644 --- a/openjdk-8.advisories.yaml +++ b/openjdk-8.advisories.yaml 
@@ -22,30 +22,56 @@ advisories: componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - id: CGA-x74r-26jc-x9px + - id: CGA-54pm-rxx7-5ph2 aliases: - - CVE-2023-21937 - - GHSA-vr26-5f5w-r829 + - CVE-2024-21004 + - GHSA-r5cc-f7pr-5v73 events: - - timestamp: 2024-01-11T07:10:54Z + - timestamp: 2024-05-01T23:36:28Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-8-jre - componentID: cb7e5b68577405bc - componentName: java + subpackageName: openjdk-8 + componentID: 2e3d139249f9eb66 + componentName: java/jdk componentVersion: 1.8.0_392-b08 componentType: binary - componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java + componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb scanner: grype + - timestamp: 2024-05-27T00:38:23Z + type: fixed + data: + fixed-version: 8.412.08-r0 - - id: CGA-wh4h-q24p-73mj + - id: CGA-55r9-jv8g-jx4g aliases: - - CVE-2023-21938 - - GHSA-9pqg-44mx-r5gr + - CVE-2023-42917 + - GHSA-phhr-cqm7-gjv6 events: - - timestamp: 2024-01-11T07:10:54Z + - timestamp: 2024-05-01T23:36:22Z + type: detection + data: + type: scan/v1 + data: + subpackageName: openjdk-8 + componentID: 2e3d139249f9eb66 + componentName: java/jdk + componentVersion: 1.8.0_392-b08 + componentType: binary + componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb + scanner: grype + - timestamp: 2024-05-27T00:38:20Z + type: fixed + data: + fixed-version: 8.412.08-r0 + + - id: CGA-574g-qhpx-45cf + aliases: + - CVE-2023-21967 + - GHSA-wg7x-fvjp-r3fx + events: + - timestamp: 2024-01-11T07:10:56Z type: detection data: type: scan/v1 
@@ -58,12 +84,12 @@ advisories: componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - id: CGA-6m9g-xxxf-x3h8 + - id: CGA-5ph7-mpw6-hqcm aliases: - - CVE-2023-21939 - - GHSA-xfrf-5cgw-f964 + - CVE-2024-21011 + - GHSA-7qqv-8pwc-x4xc events: - - timestamp: 2024-01-11T07:10:54Z + - timestamp: 2024-04-19T13:25:25Z type: detection data: type: scan/v1 @@ -75,13 +101,17 @@ advisories: componentType: binary componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype + - timestamp: 2024-05-27T00:38:20Z + type: fixed + data: + fixed-version: 8.412.08-r0 - - id: CGA-pjwr-v2cc-mwvf + - id: CGA-6m9g-xxxf-x3h8 aliases: - - CVE-2023-21954 - - GHSA-8x3h-4f64-v6v6 + - CVE-2023-21939 + - GHSA-xfrf-5cgw-f964 events: - - timestamp: 2024-01-11T07:10:55Z + - timestamp: 2024-01-11T07:10:54Z type: detection data: type: scan/v1 @@ -94,12 +124,12 @@ advisories: componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - id: CGA-574g-qhpx-45cf + - id: CGA-g6p4-m46f-4jmh aliases: - - CVE-2023-21967 - - GHSA-wg7x-fvjp-r3fx + - CVE-2024-21085 + - GHSA-273j-fjrx-gf2f events: - - timestamp: 2024-01-11T07:10:56Z + - timestamp: 2024-04-19T13:25:28Z type: detection data: type: scan/v1 @@ -111,17 +141,10 @@ advisories: componentType: binary componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - - id: CGA-hq6j-c6fw-x9gp - aliases: - - CVE-2023-21968 - - GHSA-r6j2-4r52-mpg7 - events: - - timestamp: 2023-08-11T20:23:47Z - type: false-positive-determination + - timestamp: 2024-05-27T00:38:21Z + type: fixed data: - type: vulnerable-code-version-not-used - note: The vulnerability was patched upstream in 362, prior to Wolfi packaging. + fixed-version: 8.412.08-r0 - id: CGA-h9q4-xm2r-6j7p aliases: 
@@ -145,46 +168,35 @@ advisories: data: fixed-version: 8.412.08-r0 - - id: CGA-qwp7-r45h-hfhv + - id: CGA-hq6j-c6fw-x9gp aliases: - - CVE-2023-41993 - - GHSA-2hcr-79rm-r8rp + - CVE-2023-21968 + - GHSA-r6j2-4r52-mpg7 events: - - timestamp: 2024-05-01T23:36:21Z - type: detection - data: - type: scan/v1 - data: - subpackageName: openjdk-8 - componentID: 2e3d139249f9eb66 - componentName: java/jdk - componentVersion: 1.8.0_392-b08 - componentType: binary - componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb - scanner: grype - - timestamp: 2024-05-27T00:38:22Z - type: fixed + - timestamp: 2023-08-11T20:23:47Z + type: false-positive-determination data: - fixed-version: 8.412.08-r0 + type: vulnerable-code-version-not-used + note: The vulnerability was patched upstream in 362, prior to Wolfi packaging. - - id: CGA-55r9-jv8g-jx4g + - id: CGA-p48c-96mf-2mqv aliases: - - CVE-2023-42917 - - GHSA-phhr-cqm7-gjv6 + - CVE-2024-21068 + - GHSA-q4c6-w389-xqq6 events: - - timestamp: 2024-05-01T23:36:22Z + - timestamp: 2024-04-19T13:25:26Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-8 - componentID: 2e3d139249f9eb66 - componentName: java/jdk + subpackageName: openjdk-8-jre + componentID: cb7e5b68577405bc + componentName: java componentVersion: 1.8.0_392-b08 componentType: binary - componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb + componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - timestamp: 2024-05-27T00:38:20Z + - timestamp: 2024-05-27T00:38:19Z type: fixed data: fixed-version: 8.412.08-r0 
@@ -206,13 +218,18 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-06-05T12:22:39Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. - - id: CGA-q89h-mvr2-6xwx + - id: CGA-pf5g-h32q-mp23 aliases: - - CVE-2024-21002 - - GHSA-5wrr-m725-w8jw + - CVE-2024-21003 + - GHSA-wg7v-w4x5-xvmx events: - - timestamp: 2024-05-01T23:36:24Z + - timestamp: 2024-05-01T23:36:26Z type: detection data: type: scan/v1 
@@ -224,54 +241,50 @@ advisories: componentType: binary componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb scanner: grype - - timestamp: 2024-05-27T00:38:22Z + - timestamp: 2024-05-27T00:38:24Z type: fixed data: fixed-version: 8.412.08-r0 - - id: CGA-pf5g-h32q-mp23 + - id: CGA-pjr2-285j-h298 aliases: - - CVE-2024-21003 - - GHSA-wg7v-w4x5-xvmx + - CVE-2024-21094 + - GHSA-g3wm-f7gr-3fwh events: - - timestamp: 2024-05-01T23:36:26Z + - timestamp: 2024-04-19T13:25:29Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-8 - componentID: 2e3d139249f9eb66 - componentName: java/jdk + subpackageName: openjdk-8-jre + componentID: cb7e5b68577405bc + componentName: java componentVersion: 1.8.0_392-b08 componentType: binary - componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb + componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - timestamp: 2024-05-27T00:38:24Z + - timestamp: 2024-05-27T00:38:22Z type: fixed data: fixed-version: 8.412.08-r0 - - id: CGA-54pm-rxx7-5ph2 + - id: CGA-pjwr-v2cc-mwvf aliases: - - CVE-2024-21004 - - GHSA-r5cc-f7pr-5v73 + - CVE-2023-21954 + - GHSA-8x3h-4f64-v6v6 events: - - timestamp: 2024-05-01T23:36:28Z + - timestamp: 2024-01-11T07:10:55Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-8 - componentID: 2e3d139249f9eb66 - componentName: java/jdk + subpackageName: openjdk-8-jre + componentID: cb7e5b68577405bc + componentName: java componentVersion: 1.8.0_392-b08 componentType: binary - componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb + componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - timestamp: 2024-05-27T00:38:23Z - type: fixed - data: - fixed-version: 8.412.08-r0 - id: CGA-pppq-g286-2qm8 aliases: 
@@ -295,56 +308,56 @@ advisories: data: fixed-version: 8.412.08-r0 - - id: CGA-5ph7-mpw6-hqcm + - id: CGA-q89h-mvr2-6xwx aliases: - - CVE-2024-21011 - - GHSA-7qqv-8pwc-x4xc + - CVE-2024-21002 + - GHSA-5wrr-m725-w8jw events: - - timestamp: 2024-04-19T13:25:25Z + - timestamp: 2024-05-01T23:36:24Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-8-jre - componentID: cb7e5b68577405bc - componentName: java + subpackageName: openjdk-8 + componentID: 2e3d139249f9eb66 + componentName: java/jdk componentVersion: 1.8.0_392-b08 componentType: binary - componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java + componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb scanner: grype - - timestamp: 2024-05-27T00:38:20Z + - timestamp: 2024-05-27T00:38:22Z type: fixed data: fixed-version: 8.412.08-r0 - - id: CGA-p48c-96mf-2mqv + - id: CGA-qwp7-r45h-hfhv aliases: - - CVE-2024-21068 - - GHSA-q4c6-w389-xqq6 + - CVE-2023-41993 + - GHSA-2hcr-79rm-r8rp events: - - timestamp: 2024-04-19T13:25:26Z + - timestamp: 2024-05-01T23:36:21Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-8-jre - componentID: cb7e5b68577405bc - componentName: java + subpackageName: openjdk-8 + componentID: 2e3d139249f9eb66 + componentName: java/jdk componentVersion: 1.8.0_392-b08 componentType: binary - componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java + componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/jdb scanner: grype - - timestamp: 2024-05-27T00:38:19Z + - timestamp: 2024-05-27T00:38:22Z type: fixed data: fixed-version: 8.412.08-r0 - - id: CGA-g6p4-m46f-4jmh + - id: CGA-wh4h-q24p-73mj aliases: - - CVE-2024-21085 - - GHSA-273j-fjrx-gf2f + - CVE-2023-21938 + - GHSA-9pqg-44mx-r5gr events: - - timestamp: 2024-04-19T13:25:28Z + - timestamp: 2024-01-11T07:10:54Z type: detection data: type: scan/v1 
@@ -356,17 +369,13 @@ advisories: componentType: binary componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - timestamp: 2024-05-27T00:38:21Z - type: fixed - data: - fixed-version: 8.412.08-r0 - - id: CGA-pjr2-285j-h298 + - id: CGA-x74r-26jc-x9px aliases: - - CVE-2024-21094 - - GHSA-g3wm-f7gr-3fwh + - CVE-2023-21937 + - GHSA-vr26-5f5w-r829 events: - - timestamp: 2024-04-19T13:25:29Z + - timestamp: 2024-01-11T07:10:54Z type: detection data: type: scan/v1 @@ -378,7 +387,3 @@ advisories: componentType: binary componentLocation: /usr/lib/jvm/java-1.8-openjdk/bin/java, /usr/lib/jvm/java-1.8-openjdk/jre/bin/java scanner: grype - - timestamp: 2024-05-27T00:38:22Z - type: fixed - data: - fixed-version: 8.412.08-r0 diff --git a/openjdk-9.advisories.yaml b/openjdk-9.advisories.yaml index e28a47180..d6f919df2 100644 --- a/openjdk-9.advisories.yaml +++ b/openjdk-9.advisories.yaml @@ -4,24 +4,6 @@ package: name: openjdk-9 advisories: - - id: CGA-x7wj-wgqx-c8v2 - aliases: - - CVE-2023-21930 - - GHSA-4j35-7cr4-3mc8 - events: - - timestamp: 2024-04-04T11:31:08Z - type: detection - data: - type: scan/v1 - data: - subpackageName: openjdk-9-demos - componentID: 6f29d36076a19cf8 - componentName: openjdk-9-demos - componentVersion: 9.0.4-r4 - componentType: apk - componentLocation: /.PKGINFO - scanner: grype - - id: CGA-42qp-v3hv-ccrx aliases: - CVE-2023-21937 @@ -40,12 +22,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-8c3c-8832-4h4m + - id: CGA-44j3-cpx8-c494 aliases: - - CVE-2023-21938 - - GHSA-9pqg-44mx-r5gr + - CVE-2023-21968 + - GHSA-r6j2-4r52-mpg7 events: - - timestamp: 2024-04-04T11:31:48Z + - timestamp: 2024-04-04T11:33:18Z type: detection data: type: scan/v1 
@@ -76,66 +58,66 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-hjpf-3gwx-g4w7 + - id: CGA-5724-8hfg-fh92 aliases: - - CVE-2023-21954 - - GHSA-8x3h-4f64-v6v6 + - CVE-2024-20921 + - GHSA-hxqj-hr64-7vf7 events: - - timestamp: 2024-04-04T11:32:24Z + - timestamp: 2024-04-14T07:34:04Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-9-demos - componentID: 6f29d36076a19cf8 - componentName: openjdk-9-demos - componentVersion: 9.0.4-r4 - componentType: apk - componentLocation: /.PKGINFO + subpackageName: openjdk-9-jre-base + componentID: bbe1181a4d4a9166 + componentName: java + componentVersion: 9+9-wolfi-r4 + componentType: binary + componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java scanner: grype - - id: CGA-vpr5-f53x-64jc + - id: CGA-5xc4-6xmp-mhv5 aliases: - - CVE-2023-21967 - - GHSA-wg7x-fvjp-r3fx + - CVE-2024-21011 + - GHSA-7qqv-8pwc-x4xc events: - - timestamp: 2024-04-04T11:32:48Z + - timestamp: 2024-04-19T14:43:54Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-9-demos - componentID: 6f29d36076a19cf8 - componentName: openjdk-9-demos - componentVersion: 9.0.4-r4 - componentType: apk - componentLocation: /.PKGINFO + subpackageName: openjdk-9-jre-base + componentID: bbe1181a4d4a9166 + componentName: java + componentVersion: 9+9-wolfi-r4 + componentType: binary + componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java scanner: grype - - id: CGA-44j3-cpx8-c494 + - id: CGA-7457-3crg-22f8 aliases: - - CVE-2023-21968 - - GHSA-r6j2-4r52-mpg7 + - CVE-2024-21012 + - GHSA-ccmh-gwpx-35xj events: - - timestamp: 2024-04-04T11:33:18Z + - timestamp: 2024-04-19T13:06:54Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-9-demos - componentID: 6f29d36076a19cf8 - componentName: openjdk-9-demos + subpackageName: openjdk-9 + componentID: c13e23ad31c2bc23 + componentName: openjdk-9 componentVersion: 9.0.4-r4 componentType: apk componentLocation: /.PKGINFO scanner: grype - - id: CGA-xr4c-6qfm-gwf2 + 
- id: CGA-8c3c-8832-4h4m aliases: - - CVE-2023-22041 - - GHSA-rgxf-494f-377c + - CVE-2023-21938 + - GHSA-9pqg-44mx-r5gr events: - - timestamp: 2024-04-04T11:33:54Z + - timestamp: 2024-04-04T11:31:48Z type: detection data: type: scan/v1 @@ -148,12 +130,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-xg88-pcc2-j423 + - id: CGA-8v9x-28ww-q5x2 aliases: - - CVE-2023-25193 - - GHSA-v8ff-vmc3-wr4m + - CVE-2024-20952 + - GHSA-343v-9ccv-7535 events: - - timestamp: 2024-04-04T11:34:34Z + - timestamp: 2024-04-04T11:35:19Z type: detection data: type: scan/v1 @@ -184,12 +166,12 @@ advisories: componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java scanner: grype - - id: CGA-w96j-8xp8-fmfh + - id: CGA-hgf7-9gvc-9h95 aliases: - - CVE-2024-20919 - - GHSA-vgxv-38wx-r77w + - CVE-2024-21085 + - GHSA-273j-fjrx-gf2f events: - - timestamp: 2024-04-14T07:34:03Z + - timestamp: 2024-04-19T14:43:59Z type: detection data: type: scan/v1 @@ -202,30 +184,30 @@ advisories: componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java scanner: grype - - id: CGA-5724-8hfg-fh92 + - id: CGA-hjpf-3gwx-g4w7 aliases: - - CVE-2024-20921 - - GHSA-hxqj-hr64-7vf7 + - CVE-2023-21954 + - GHSA-8x3h-4f64-v6v6 events: - - timestamp: 2024-04-14T07:34:04Z + - timestamp: 2024-04-04T11:32:24Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-9-jre-base - componentID: bbe1181a4d4a9166 - componentName: java - componentVersion: 9+9-wolfi-r4 - componentType: binary - componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java + subpackageName: openjdk-9-demos + componentID: 6f29d36076a19cf8 + componentName: openjdk-9-demos + componentVersion: 9.0.4-r4 + componentType: apk + componentLocation: /.PKGINFO scanner: grype - - id: CGA-xwmm-c29v-58c4 + - id: CGA-jf7j-87c2-2j73 aliases: - - CVE-2024-20926 - - GHSA-hjh6-9v4w-w32w + - CVE-2024-21094 + - GHSA-g3wm-f7gr-3fwh events: - - timestamp: 2024-04-14T07:34:06Z + - timestamp: 2024-04-19T14:44:01Z type: detection data: type: scan/v1 
@@ -238,22 +220,22 @@ advisories: componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java scanner: grype - - id: CGA-vc4h-mmw2-v2p6 + - id: CGA-m9f5-2jqm-j22m aliases: - - CVE-2024-20932 - - GHSA-ccwc-jrj7-h4v6 + - CVE-2024-21068 + - GHSA-q4c6-w389-xqq6 events: - - timestamp: 2024-05-24T07:20:27Z + - timestamp: 2024-04-19T14:43:56Z type: detection data: type: scan/v1 data: - subpackageName: openjdk-9 - componentID: c13e23ad31c2bc23 - componentName: openjdk-9 - componentVersion: 9.0.4-r4 - componentType: apk - componentLocation: /.PKGINFO + subpackageName: openjdk-9-jre-base + componentID: bbe1181a4d4a9166 + componentName: java + componentVersion: 9+9-wolfi-r4 + componentType: binary + componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java scanner: grype - id: CGA-pqh3-8cvq-h5j9 @@ -274,12 +256,35 @@ advisories: componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java scanner: grype - - id: CGA-8v9x-28ww-q5x2 + - id: CGA-vc4h-mmw2-v2p6 aliases: - - CVE-2024-20952 - - GHSA-343v-9ccv-7535 + - CVE-2024-20932 + - GHSA-ccwc-jrj7-h4v6 events: - - timestamp: 2024-04-04T11:35:19Z + - timestamp: 2024-05-24T07:20:27Z + type: detection + data: + type: scan/v1 + data: + subpackageName: openjdk-9 + componentID: c13e23ad31c2bc23 + componentName: openjdk-9 + componentVersion: 9.0.4-r4 + componentType: apk + componentLocation: /.PKGINFO + scanner: grype + - timestamp: 2024-06-05T12:26:11Z + type: false-positive-determination + data: + type: vulnerable-code-version-not-used + note: NVD record says the affected version is 17.0.9, not a version range. + + - id: CGA-vpr5-f53x-64jc + aliases: + - CVE-2023-21967 + - GHSA-wg7x-fvjp-r3fx + events: + - timestamp: 2024-04-04T11:32:48Z type: detection data: type: scan/v1 
@@ -292,12 +297,12 @@ advisories: componentLocation: /.PKGINFO scanner: grype - - id: CGA-5xc4-6xmp-mhv5 + - id: CGA-w96j-8xp8-fmfh aliases: - - CVE-2024-21011 - - GHSA-7qqv-8pwc-x4xc + - CVE-2024-20919 + - GHSA-vgxv-38wx-r77w events: - - timestamp: 2024-04-19T14:43:54Z + - timestamp: 2024-04-14T07:34:03Z type: detection data: type: scan/v1 
@@ -310,66 +315,66 @@ advisories:
 componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java
 scanner: grype
 
- - id: CGA-7457-3crg-22f8
+ - id: CGA-x7wj-wgqx-c8v2
 aliases:
- - CVE-2024-21012
- - GHSA-ccmh-gwpx-35xj
+ - CVE-2023-21930
+ - GHSA-4j35-7cr4-3mc8
 events:
- - timestamp: 2024-04-19T13:06:54Z
+ - timestamp: 2024-04-04T11:31:08Z
 type: detection
 data:
 type: scan/v1
 data:
- subpackageName: openjdk-9
- componentID: c13e23ad31c2bc23
- componentName: openjdk-9
+ subpackageName: openjdk-9-demos
+ componentID: 6f29d36076a19cf8
+ componentName: openjdk-9-demos
 componentVersion: 9.0.4-r4
 componentType: apk
 componentLocation: /.PKGINFO
 scanner: grype
 
- - id: CGA-m9f5-2jqm-j22m
+ - id: CGA-xg88-pcc2-j423
 aliases:
- - CVE-2024-21068
- - GHSA-q4c6-w389-xqq6
+ - CVE-2023-25193
+ - GHSA-v8ff-vmc3-wr4m
 events:
- - timestamp: 2024-04-19T14:43:56Z
+ - timestamp: 2024-04-04T11:34:34Z
 type: detection
 data:
 type: scan/v1
 data:
- subpackageName: openjdk-9-jre-base
- componentID: bbe1181a4d4a9166
- componentName: java
- componentVersion: 9+9-wolfi-r4
- componentType: binary
- componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java
+ subpackageName: openjdk-9-demos
+ componentID: 6f29d36076a19cf8
+ componentName: openjdk-9-demos
+ componentVersion: 9.0.4-r4
+ componentType: apk
+ componentLocation: /.PKGINFO
 scanner: grype
 
- - id: CGA-hgf7-9gvc-9h95
+ - id: CGA-xr4c-6qfm-gwf2
 aliases:
- - CVE-2024-21085
- - GHSA-273j-fjrx-gf2f
+ - CVE-2023-22041
+ - GHSA-rgxf-494f-377c
 events:
- - timestamp: 2024-04-19T14:43:59Z
+ - timestamp: 2024-04-04T11:33:54Z
 type: detection
 data:
 type: scan/v1
 data:
- subpackageName: openjdk-9-jre-base
- componentID: bbe1181a4d4a9166
- componentName: java
- componentVersion: 9+9-wolfi-r4
- componentType: binary
- componentLocation: /usr/lib/jvm/java-1.9-openjdk/bin/java
+ subpackageName: openjdk-9-demos
+ componentID: 6f29d36076a19cf8
+ componentName: openjdk-9-demos
+ componentVersion: 9.0.4-r4
+ componentType: apk
+ componentLocation: /.PKGINFO
 scanner: grype
 
- - id: CGA-jf7j-87c2-2j73
+ - id: CGA-xwmm-c29v-58c4
 aliases:
- - CVE-2024-21094
- - GHSA-g3wm-f7gr-3fwh
+ - CVE-2024-20926
+ - GHSA-hjh6-9v4w-w32w
 events:
- - timestamp: 2024-04-19T14:44:01Z
+ - timestamp: 2024-04-14T07:34:06Z
 type: detection
 data:
 type: scan/v1