Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OSVDB in license #487

Open
dberecz opened this issue Jul 8, 2021 · 1 comment
Open

OSVDB in license #487

dberecz opened this issue Jul 8, 2021 · 1 comment

Comments

@dberecz
Copy link

dberecz commented Jul 8, 2021

In the license the usage of OSVDB is mentioned and references their license. OSVDB and OSF both shut down years ago. Is it still relevant to keep them in the license? Removing them would make the license more clear and up-to-date. Thanks a lot!

@postmodern
Copy link
Member

postmodern commented Jul 8, 2021

There has been work to remove any data that came from OSVDB (see #456). There are still 90 advisories named OSVDB-..., but that have no cve: ID we could rename them to. Someone will need to research each advisory (aka googling the title:) and find the missing CVE.

gems/actionpack/OSVDB-100524.yml
gems/actionpack/OSVDB-100525.yml
gems/actionpack/OSVDB-100526.yml
gems/actionpack/OSVDB-100527.yml
gems/actionpack/OSVDB-100528.yml
gems/actionpack/OSVDB-74616.yml
gems/actionpack/OSVDB-77199.yml
gems/activerecord-jdbc-adapter/OSVDB-114854.yml
gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml
gems/activerecord/OSVDB-88661.yml
gems/activeresource/OSVDB-95749.yml
gems/as/OSVDB-112683.yml
gems/auto_awesomplete/OSVDB-132800.yml
gems/auto_select2/OSVDB-132800.yml
gems/backup_checksum/OSVDB-108570.yml
gems/bcrypt/OSVDB-62067.yml
gems/bcrypt-ruby/OSVDB-62067.yml
gems/brbackup/OSVDB-108899.yml
gems/brbackup/OSVDB-108900.yml
gems/builder/OSVDB-95668.yml
gems/bundler/OSVDB-115090.yml
gems/bundler/OSVDB-115091.yml
gems/bundler/OSVDB-115917.yml
gems/cap-strap/OSVDB-108575.yml
gems/curb/OSVDB-114600.yml
gems/devise/OSVDB-114435.yml
gems/doorkeeper/OSVDB-118830.yml
gems/dragonfly/OSVDB-110439.yml
gems/dragonfly/OSVDB-97854.yml
gems/enum_column3/OSVDB-94679.yml
gems/flavour_saver/OSVDB-110796.yml
gems/flukso4r/OSVDB-101577.yml
gems/fog-dragonfly/OSVDB-110439.yml
gems/fog-dragonfly/OSVDB-97854.yml
gems/gnms/OSVDB-108594.yml
gems/handlebars-source/OSVDB-131671.yml
gems/i18n/OSVDB-100528.yml
gems/jruby-sandbox/OSVDB-106279.yml
gems/json/OSVDB-101157.yml
gems/kajam/OSVDB-108530.yml
gems/karo/OSVDB-108573.yml
gems/kcapifony/OSVDB-108572.yml
gems/kompanee-recipes/OSVDB-108593.yml
gems/lingq/OSVDB-108585.yml
gems/loofah/OSVDB-90945.yml
gems/lynx/OSVDB-108579.yml
gems/mapbox-rails/OSVDB-129854.yml
gems/mapbox-rails/OSVDB-132871.yml
gems/mustache-js-rails/OSVDB-131671.yml
gems/nokogiri/OSVDB-118481.yml
gems/open-uri-cached/OSVDB-121701.yml
gems/paperclip/OSVDB-103151.yml
gems/passenger/OSVDB-90738.yml
gems/quick_magick/OSVDB-106954.yml
gems/rack-attack/OSVDB-132234.yml
gems/redcarpet/OSVDB-120415.yml
gems/redis-namespace/OSVDB-96425.yml
gems/refile/OSVDB-120857.yml
gems/ruby-saml/OSVDB-117903.yml
gems/ruby-saml/OSVDB-124383.yml
gems/ruby-saml/OSVDB-124991.yml
gems/screen_capture/OSVDB-107783.yml
gems/sidekiq/OSVDB-125675.yml
gems/sidekiq/OSVDB-125676.yml
gems/sidekiq/OSVDB-125678.yml
gems/sidekiq-pro/OSVDB-126329.yml
gems/sidekiq-pro/OSVDB-126330.yml
gems/sidekiq-pro/OSVDB-126331.yml
gems/spree_auth_devise/OSVDB-90865.yml
gems/spree_auth/OSVDB-90865.yml
gems/spree/OSVDB-119205.yml
gems/spree/OSVDB-125699.yml
gems/spree/OSVDB-125701.yml
gems/spree/OSVDB-125712.yml
gems/spree/OSVDB-125713.yml
gems/spree/OSVDB-69098.yml
gems/spree/OSVDB-73751.yml
gems/spree/OSVDB-76011.yml
gems/spree/OSVDB-81505.yml
gems/spree/OSVDB-81506.yml
gems/spree/OSVDB-90865.yml
gems/spree/OSVDB-91216.yml
gems/spree/OSVDB-91217.yml
gems/spree/OSVDB-91218.yml
gems/spree/OSVDB-91219.yml
gems/twitter-bootstrap-rails/OSVDB-109206.yml
gems/uglifier/OSVDB-126747.yml
gems/web-console/OSVDB-112346.yml
rubies/jruby/OSVDB-94644.yml
rubies/rbx/OSVDB-78119.yml

There are also 64 advisories which contain URLs to the defunct osvdb.org website, which should probably be removed. A PR could easily be submitted to remove the dead osvdb.org URLs.

gems/activerecord-jdbc-adapter/OSVDB-114854.yml
gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml
gems/activeresource/OSVDB-95749.yml
gems/as/OSVDB-112683.yml
gems/backup_checksum/OSVDB-108570.yml
gems/brbackup/OSVDB-108899.yml
gems/brbackup/OSVDB-108900.yml
gems/builder/OSVDB-95668.yml
gems/bundler/OSVDB-115090.yml
gems/bundler/OSVDB-115091.yml
gems/bundler/OSVDB-115917.yml
gems/cap-strap/OSVDB-108575.yml
gems/curb/OSVDB-114600.yml
gems/doorkeeper/OSVDB-118830.yml
gems/dragonfly/OSVDB-110439.yml
gems/dragonfly/OSVDB-97854.yml
gems/enum_column3/OSVDB-94679.yml
gems/flavour_saver/OSVDB-110796.yml
gems/flukso4r/OSVDB-101577.yml
gems/fog-dragonfly/OSVDB-110439.yml
gems/fog-dragonfly/OSVDB-97854.yml
gems/gnms/OSVDB-108594.yml
gems/json/OSVDB-101157.yml
gems/kajam/OSVDB-108530.yml
gems/karo/OSVDB-108573.yml
gems/kcapifony/OSVDB-108572.yml
gems/kompanee-recipes/OSVDB-108593.yml
gems/lingq/OSVDB-108585.yml
gems/loofah/OSVDB-90945.yml
gems/lynx/OSVDB-108579.yml
gems/paperclip/OSVDB-103151.yml
gems/quick_magick/OSVDB-106954.yml
gems/ruby-saml/OSVDB-117903.yml
gems/screen_capture/OSVDB-107783.yml
gems/web-console/OSVDB-112346.yml
rubies/jruby/OSVDB-94644.yml
rubies/rbx/CVE-2012-5372.yml
rubies/rbx/OSVDB-78119.yml
rubies/ruby/CVE-2008-2662.yml
rubies/ruby/CVE-2008-2663.yml
rubies/ruby/CVE-2008-2664.yml
rubies/ruby/CVE-2008-2725.yml
rubies/ruby/CVE-2008-2726.yml
rubies/ruby/CVE-2008-3790.yml
rubies/ruby/CVE-2009-1904.yml
rubies/ruby/CVE-2009-4124.yml
rubies/ruby/CVE-2009-4492.yml
rubies/ruby/CVE-2010-0541.yml
rubies/ruby/CVE-2010-2489.yml
rubies/ruby/CVE-2011-1004.yml
rubies/ruby/CVE-2011-1005.yml
rubies/ruby/CVE-2011-3389.yml
rubies/ruby/CVE-2011-4815.yml
rubies/ruby/CVE-2012-4522.yml
rubies/ruby/CVE-2012-5371.yml
rubies/ruby/CVE-2013-1821.yml
rubies/ruby/CVE-2013-2065.yml
rubies/ruby/CVE-2013-4073.yml
rubies/ruby/CVE-2013-4164.yml
rubies/ruby/CVE-2014-2525.yml
rubies/ruby/CVE-2014-3916.yml
rubies/ruby/CVE-2014-4975.yml
rubies/ruby/CVE-2014-8080.yml
rubies/ruby/CVE-2014-8090.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants