Skip to content

Commit

Permalink
add project to generate fix-not-planned events for eol packages (#8968)
Browse files Browse the repository at this point in the history 
Signed-off-by: hectorj2f <hector@chainguard.dev>
  • Loading branch information
@hectorj2f
hectorj2f authored Nov 6, 2024
1 parent 5effbd4 commit 50dba18
Show file tree
Hide file tree
Showing 2 changed files with 286 additions and 178 deletions.
179 changes: 130 additions & 49 deletions gatekeeper-3.14.advisories.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,27 +4,25 @@ package:
name: gatekeeper-3.14

advisories:
- id: CGA-9xh9-cwfq-hh4h
- id: CGA-4g9f-jcxv-28v7
aliases:
- CVE-2019-3826
- GHSA-3m87-5598-2v4f
- CVE-2023-45288
- GHSA-4v7x-pqxf-cx7m
events:
- timestamp: 2023-12-17T17:35:48Z
type: false-positive-determination
- timestamp: 2024-04-13T07:09:51Z
type: fixed
data:
type: vulnerable-code-version-not-used
note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version.
fixed-version: 3.14.1-r2

- id: CGA-qqq4-xppr-35gx
- id: CGA-56q8-78c5-qrvx
aliases:
- CVE-2023-44487
- GHSA-m425-mq94-257g
- GHSA-qppj-fm5r-hxr3
- CVE-2024-24783
- GHSA-3q2c-pvp5-3cqp
events:
- timestamp: 2023-11-06T23:02:14Z
- timestamp: 2024-03-12T07:07:16Z
type: fixed
data:
fixed-version: 3.14.0-r1
fixed-version: 3.14.0-r5

- id: CGA-589c-c37r-2956
aliases:
Expand All @@ -37,66 +35,82 @@ advisories:
type: vulnerable-code-not-included-in-package
note: Only affects Windows

- id: CGA-fc6g-3p45-pxm5
- id: CGA-5cwv-rv84-wx25
aliases:
- CVE-2023-45284
- GHSA-rq3x-83w4-p28c
- CVE-2024-24788
events:
- timestamp: 2023-11-07T19:27:36Z
type: false-positive-determination
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
type: vulnerable-code-not-included-in-package
note: Only affects Windows
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-4g9f-jcxv-28v7
- id: CGA-5j73-7x8v-xgr4
aliases:
- CVE-2023-45288
- GHSA-4v7x-pqxf-cx7m
- CVE-2023-45290
- GHSA-rr6r-cfgf-gc6h
events:
- timestamp: 2024-04-13T07:09:51Z
- timestamp: 2024-03-12T07:07:15Z
type: fixed
data:
fixed-version: 3.14.1-r2
fixed-version: 3.14.0-r5

- id: CGA-qj54-7fmv-9w4f
- id: CGA-6jgj-pq58-fvgm
aliases:
- CVE-2023-45289
- GHSA-32ch-6x54-q4h9
- GHSA-c77r-fh37-x2px
events:
- timestamp: 2024-03-12T07:07:15Z
type: fixed
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
fixed-version: 3.14.0-r5
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-5j73-7x8v-xgr4
- id: CGA-8jfv-ghxw-j488
aliases:
- CVE-2023-45290
- GHSA-rr6r-cfgf-gc6h
- CVE-2024-24790
events:
- timestamp: 2024-03-12T07:07:15Z
type: fixed
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
fixed-version: 3.14.0-r5
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-wwr9-qf7q-6jqm
- id: CGA-956q-788f-m3j2
aliases:
- CVE-2023-48795
- GHSA-45x7-px36-x8w8
- CVE-2024-24787
events:
- timestamp: 2024-02-15T07:13:08Z
type: fixed
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
fixed-version: 3.14.0-r4
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-56q8-78c5-qrvx
- id: CGA-9xh9-cwfq-hh4h
aliases:
- CVE-2024-24783
- GHSA-3q2c-pvp5-3cqp
- CVE-2019-3826
- GHSA-3m87-5598-2v4f
events:
- timestamp: 2024-03-12T07:07:16Z
type: fixed
- timestamp: 2023-12-17T17:35:48Z
type: false-positive-determination
data:
fixed-version: 3.14.0-r5
type: vulnerable-code-version-not-used
note: This vulnerability has been fixed in version v2.7.1 which corresponds to the Go library version v0.7.1 and this package includes a later version.

- id: CGA-chhg-fpxj-j88v
aliases:
- CVE-2024-34155
events:
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-fc6g-3p45-pxm5
aliases:
- CVE-2023-45284
- GHSA-rq3x-83w4-p28c
events:
- timestamp: 2023-11-07T19:27:36Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: Only affects Windows

- id: CGA-hwwr-mv64-fq5w
aliases:
Expand All @@ -108,6 +122,15 @@ advisories:
data:
fixed-version: 3.14.0-r5

- id: CGA-mvjw-hw84-x9xw
aliases:
- CVE-2024-34158
events:
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-mw6g-qq6m-g546
aliases:
- CVE-2024-24785
Expand All @@ -118,6 +141,54 @@ advisories:
data:
fixed-version: 3.14.0-r5

- id: CGA-q42r-c25f-q68h
aliases:
- CVE-2024-24791
events:
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-q79m-jv64-vfx6
aliases:
- CVE-2024-34156
events:
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-qj54-7fmv-9w4f
aliases:
- CVE-2023-45289
- GHSA-32ch-6x54-q4h9
events:
- timestamp: 2024-03-12T07:07:15Z
type: fixed
data:
fixed-version: 3.14.0-r5

- id: CGA-qqq4-xppr-35gx
aliases:
- CVE-2023-44487
- GHSA-m425-mq94-257g
- GHSA-qppj-fm5r-hxr3
events:
- timestamp: 2023-11-06T23:02:14Z
type: fixed
data:
fixed-version: 3.14.0-r1

- id: CGA-v85x-fchr-9579
aliases:
- CVE-2024-24789
events:
- timestamp: 2024-11-06T17:54:09Z
type: fix-not-planned
data:
note: This package is no longer supported upstream and has reached its end of life on '2024-05-09'.

- id: CGA-w6f3-cj6m-9j23
aliases:
- CVE-2024-24786
Expand All @@ -139,3 +210,13 @@ advisories:
type: fixed
data:
fixed-version: 3.14.1-r1

- id: CGA-wwr9-qf7q-6jqm
aliases:
- CVE-2023-48795
- GHSA-45x7-px36-x8w8
events:
- timestamp: 2024-02-15T07:13:08Z
type: fixed
data:
fixed-version: 3.14.0-r4
Loading

0 comments on commit 50dba18

Please sign in to comment.