From d575532f5974103a1fe85a046b8866a5a6a1ae98 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Wed, 13 Mar 2024 18:46:28 +0100 Subject: [PATCH] Revert "drop tomcat-9 and argo-cd-2.9 (#2048)" (#2471) This reverts commit afdb56f93126c95bdea3b4bbfcc73bf6c9c14870. --- argo-cd-2.9.advisories.yaml | 106 ++++++++++++++++++++++++++++++++++++ tomcat-9.advisories.yaml | 14 +++++ 2 files changed, 120 insertions(+) create mode 100644 argo-cd-2.9.advisories.yaml create mode 100644 tomcat-9.advisories.yaml diff --git a/argo-cd-2.9.advisories.yaml b/argo-cd-2.9.advisories.yaml new file mode 100644 index 000000000..8e799373a --- /dev/null +++ b/argo-cd-2.9.advisories.yaml @@ -0,0 +1,106 @@ +schema-version: 2.0.2 + +package: + name: argo-cd-2.9 + +advisories: + - id: CVE-2021-25743 + aliases: + - GHSA-f9jg-8p32-2f55 + events: + - timestamp: 2023-11-28T13:21:30Z + type: false-positive-determination + data: + type: vulnerable-code-not-included-in-package + note: The vulnerable code is specific to kubectl. + + - id: CVE-2023-46402 + aliases: + - GHSA-3f2q-6294-fmq5 + events: + - timestamp: 2023-12-03T14:31:28Z + type: fixed + data: + fixed-version: 2.9.3-r1 + + - id: CVE-2023-47108 + aliases: + - GHSA-8pgv-569h-w5rw + events: + - timestamp: 2023-11-28T13:20:25Z + type: fixed + data: + fixed-version: 2.9.2-r1 + + - id: CVE-2023-48795 + aliases: + - GHSA-45x7-px36-x8w8 + events: + - timestamp: 2023-12-19T18:23:00Z + type: fixed + data: + fixed-version: 2.9.3-r4 + + - id: CVE-2023-49568 + aliases: + - GHSA-mw99-9chc-xw7r + events: + - timestamp: 2023-12-28T17:55:02Z + type: fixed + data: + fixed-version: 2.9.3-r5 + + - id: CVE-2023-5528 + aliases: + - GHSA-hq6q-c2x6-hmch + events: + - timestamp: 2023-11-28T13:20:36Z + type: false-positive-determination + data: + type: vulnerable-code-not-included-in-package + note: This vulnerability affects the Kubernetes application, not the golang k8s.io/kubernetes library. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. + + - id: GHSA-2c7c-3mj9-8fqh + events: + - timestamp: 2023-11-28T13:25:42Z + type: fixed + data: + fixed-version: 2.9.2-r1 + + - id: GHSA-9763-4f94-gfch + events: + - timestamp: 2024-01-12T07:23:12Z + type: detection + data: + type: scan/v1 + data: + subpackageName: argo-cd-2.9 + componentID: e7a3d85fdb2480cf + componentName: github.com/cloudflare/circl + componentVersion: v1.3.3 + componentType: go-module + componentLocation: /usr/bin/argocd + scanner: grype + - timestamp: 2024-01-19T12:21:46Z + type: fixed + data: + fixed-version: 2.9.4-r0 + + - id: GHSA-c5q2-7r4c-mv6g + events: + - timestamp: 2024-03-08T07:08:06Z + type: detection + data: + type: scan/v1 + data: + subpackageName: argo-cd-2.9-compat + componentID: 3400637b92540817 + componentName: github.com/go-jose/go-jose/v3 + componentVersion: v3.0.1 + componentType: go-module + componentLocation: /usr/local/bin/argocd + scanner: grype + - timestamp: 2024-03-08T10:56:42Z + type: fixed + data: + fixed-version: 2.9.7-r2 diff --git a/tomcat-9.advisories.yaml b/tomcat-9.advisories.yaml new file mode 100644 index 000000000..cf80e8013 --- /dev/null +++ b/tomcat-9.advisories.yaml @@ -0,0 +1,14 @@ +schema-version: 2.0.1 + +package: + name: tomcat-9 + +advisories: + - id: CVE-2023-44487 + aliases: + - GHSA-qppj-fm5r-hxr3 + events: + - timestamp: 2023-10-13T12:20:53Z + type: fixed + data: + fixed-version: 9.0.81-r0