Skip to content

Commit

Permalink
Update vulnerability whitelist
Browse files Browse the repository at this point in the history
  • Loading branch information
sd234678 committed Feb 19, 2024
1 parent bb35828 commit a69e902
Show file tree
Hide file tree
Showing 4 changed files with 6 additions and 6 deletions.
2 changes: 1 addition & 1 deletion .last-exported-commit
Original file line number Diff line number Diff line change
@@ -1 +1 @@
Last exported commit from parent repo: a1ec8ed3ba38cff9008dd1cc4b35d9dec2ca9298
Last exported commit from parent repo: 6e3f24b8131b3b49aed37881270b7a18e093d307
2 changes: 1 addition & 1 deletion nix-bootstrap.cabal
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ cabal-version: 2.0
-- see: https://github.com/sol/hpack

name: nix-bootstrap
version: 1.5.4.1
version: 1.5.4.2
author: gchquser
maintainer: [email protected]
copyright: Crown Copyright
Expand Down
2 changes: 1 addition & 1 deletion package.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
name: nix-bootstrap
version: 1.5.4.1
version: 1.5.4.2
author: gchquser
maintainer: [email protected]
copyright: Crown Copyright
Expand Down
6 changes: 3 additions & 3 deletions vulnerability-whitelist.toml
Original file line number Diff line number Diff line change
Expand Up @@ -161,8 +161,8 @@ comment = """Severity disputed and upstream patch not yet in nixpkgs. \
"""

["terminal"]
cve = ["CVE-2022-44702"]
comment = "CVE refers to microsoft terminal, not this haskell package."
cve = ["CVE-2022-44702", "CVE-2002-1898"]
comment = "CVEs refers to microsoft terminal and OSX terminal, not this haskell package."

["unzip"]
cve = ["CVE-2021-4217", "CVE-2022-0529", "CVE-2022-0530"]
Expand All @@ -179,7 +179,7 @@ cve = ["CVE-2022-3064", "CVE-2021-4235", "CVE-2023-2251"]
comment = "CVEs refer to other things called yaml, not this haskell package."

["zlib-0.6.3.0"]
cve = ["CVE-2018-25032", "CVE-2022-37434", "CVE-2023-45853", "CVE-2023-6992"]
cve = ["CVE-2018-25032", "CVE-2022-37434", "CVE-2023-45853", "CVE-2023-6992", "CVE-2002-0059"]
comment = "Actual zlib dependency is already on a patched version; this version is a haskell library."

["zlib-1.2.12"]
Expand Down

0 comments on commit a69e902

Please sign in to comment.