Revert "drop tomcat-9 and argo-cd-2.9 (#2048)" (#2471)

This reverts commit afdb56f.
wolfi-dev · Mar 13, 2024 · d575532 · d575532
1 parent f9b4d4c
commit d575532
Show file tree

Hide file tree

Showing 2 changed files with 120 additions and 0 deletions.
diff --git a/argo-cd-2.9.advisories.yaml b/argo-cd-2.9.advisories.yaml
@@ -0,0 +1,106 @@
+schema-version: 2.0.2
+
+package:
+  name: argo-cd-2.9
+
+advisories:
+  - id: CVE-2021-25743
+    aliases:
+      - GHSA-f9jg-8p32-2f55
+    events:
+      - timestamp: 2023-11-28T13:21:30Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-not-included-in-package
+          note: The vulnerable code is specific to kubectl.
+
+  - id: CVE-2023-46402
+    aliases:
+      - GHSA-3f2q-6294-fmq5
+    events:
+      - timestamp: 2023-12-03T14:31:28Z
+        type: fixed
+        data:
+          fixed-version: 2.9.3-r1
+
+  - id: CVE-2023-47108
+    aliases:
+      - GHSA-8pgv-569h-w5rw
+    events:
+      - timestamp: 2023-11-28T13:20:25Z
+        type: fixed
+        data:
+          fixed-version: 2.9.2-r1
+
+  - id: CVE-2023-48795
+    aliases:
+      - GHSA-45x7-px36-x8w8
+    events:
+      - timestamp: 2023-12-19T18:23:00Z
+        type: fixed
+        data:
+          fixed-version: 2.9.3-r4
+
+  - id: CVE-2023-49568
+    aliases:
+      - GHSA-mw99-9chc-xw7r
+    events:
+      - timestamp: 2023-12-28T17:55:02Z
+        type: fixed
+        data:
+          fixed-version: 2.9.3-r5
+
+  - id: CVE-2023-5528
+    aliases:
+      - GHSA-hq6q-c2x6-hmch
+    events:
+      - timestamp: 2023-11-28T13:20:36Z
+        type: false-positive-determination
+        data:
+          type: vulnerable-code-not-included-in-package
+          note: This vulnerability affects the Kubernetes application, not the golang k8s.io/kubernetes library. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes.
+
+  - id: GHSA-2c7c-3mj9-8fqh
+    events:
+      - timestamp: 2023-11-28T13:25:42Z
+        type: fixed
+        data:
+          fixed-version: 2.9.2-r1
+
+  - id: GHSA-9763-4f94-gfch
+    events:
+      - timestamp: 2024-01-12T07:23:12Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: argo-cd-2.9
+            componentID: e7a3d85fdb2480cf
+            componentName: github.com/cloudflare/circl
+            componentVersion: v1.3.3
+            componentType: go-module
+            componentLocation: /usr/bin/argocd
+            scanner: grype
+      - timestamp: 2024-01-19T12:21:46Z
+        type: fixed
+        data:
+          fixed-version: 2.9.4-r0
+
+  - id: GHSA-c5q2-7r4c-mv6g
+    events:
+      - timestamp: 2024-03-08T07:08:06Z
+        type: detection
+        data:
+          type: scan/v1
+          data:
+            subpackageName: argo-cd-2.9-compat
+            componentID: 3400637b92540817
+            componentName: github.com/go-jose/go-jose/v3
+            componentVersion: v3.0.1
+            componentType: go-module
+            componentLocation: /usr/local/bin/argocd
+            scanner: grype
+      - timestamp: 2024-03-08T10:56:42Z
+        type: fixed
+        data:
+          fixed-version: 2.9.7-r2
diff --git a/tomcat-9.advisories.yaml b/tomcat-9.advisories.yaml
@@ -0,0 +1,14 @@
+schema-version: 2.0.1
+
+package:
+  name: tomcat-9
+
+advisories:
+  - id: CVE-2023-44487
+    aliases:
+      - GHSA-qppj-fm5r-hxr3
+    events:
+      - timestamp: 2023-10-13T12:20:53Z
+        type: fixed
+        data:
+          fixed-version: 9.0.81-r0