@directionless directionless commented Oct 23, 2024

expat

Closes #8415
Closes #8414
Closes #8413

These bugs are about handling untrusted input, but osquery uses expat only to communicate with DBUS, a trusted system level service.

libarchive

Closes #8442
Closes #8441
Closes #8376

These bugs are about decompressing untrusted archives. However, osquery does not use libarchive for this.

yara

Closes #8403
Closes #8264

We believe this is an NVD error -- NVD lists this as affecting 4.2.0, but we believe it was patched in 4.2.0-rc1. See #8264

@directionless directionless requested review from a team as code owners October 23, 2024 01:48
@directionless directionless added the CI/CD and cve labels Oct 23, 2024
@directionless directionless merged commit b534877 into osquery:master Oct 23, 2024
@directionless directionless deleted the seph/cve-ignores branch October 23, 2024 19:55