fix openssl' vulnerability for tauri #8668

Open
dongpingx opened this issue Jul 25, 2024 · 0 comments
Labels
status: new (The issue status: new for creation)

Comments

@dongpingx
Contributor

Trivy Vulnerability Scan Results (misc/config_tools/configurator/packages/configurator/src-tauri/Cargo.lock)

| VulnerabilityID | Severity | CVSS Score | Title | Library | Vulnerable Version | Fixed Version | Information URL | Triage Information |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| GHSA-q445-7m23-qrmw | MEDIUM | | openssl's MemBio::get_buf has undefined behavior with empty buffers | openssl | 0.10.60 | 0.10.66 | GHSA-q445-7m23-qrmw | |
dongpingx added the status: new label Jul 25, 2024
dongpingx added a commit to dongpingx/acrn-hypervisor that referenced this issue Jul 26, 2024
Trivy scanned one vulnerability three days ago and we fixed it now.

The title of the vulnerability is openssl's `MemBio::get_buf` has undefined
behavior with empty buffers.

I tested through building configurator, launching it and generating
scenario.xml & launch scripts. I confirmed the result is correct.

Signed-off-by: dongpingx <dongpingx.wu@intel.com>
Tracked-On: projectacrn#8668
dongpingx added a commit to dongpingx/acrn-hypervisor that referenced this issue Jul 26, 2024
acrnsi-robot pushed a commit that referenced this issue Jul 29, 2024
acrnsi-robot pushed a commit that referenced this issue Jul 30, 2024