CVE's reported to be fixed twice in the secfixes comments/ secdb.alpinelinux.org (#11914) · Issues · alpine / aports

Closed

Open

Opened Sep 02, 2020 by tomer @tomersnyk184 of 184 tasks completed184/184 tasks

Report abuse
New issue

CVE's reported to be fixed twice in the secfixes comments/ secdb.alpinelinux.org

Following up from our chat on IRC, adding here all the cases we found that have the same CVE for different fixed version for a specific package

v3.3 openssl CVE-2017-3738 (fdbb0da2)
v3.4 openssl CVE-2017-3738 (29180d09)
v3.4 php5 CVE-2018-5712 (da800bdf)
v3.5 openssl CVE-2017-3738 (9dd91880)
v3.5 php5 CVE-2018-5712 (67c11dd3)
v3.5 php7 CVE-2018-5712 (df489246)
v3.6 bind CVE-2017-3145 (fa2e4d9e)
v3.6 bind CVE-2017-3142 (fa2e4d9e)
v3.6 bind CVE-2017-3143 (fa2e4d9e)
v3.6 ffmpeg CVE-2017-11665 (60935a48)
v3.6 ghostscript CVE-2019-6116 (8202374b)
v3.6 openssl CVE-2017-3738 (24a4091d)
v3.6 php5 CVE-2018-5712 (3f847fb3)
v3.6 php7 CVE-2018-5712 (244815ce)
v3.6 wireshark CVE-2018-7335 (bd8ad1d0)
v3.6 wireshark CVE-2018-7334 (bd8ad1d0)
v3.6 wireshark CVE-2018-7336 (bd8ad1d0)
v3.7 bind CVE-2017-3145 (cbc49e4f)
v3.7 firefox-esr CVE-2017-7843 (a56ee65a)
v3.7 ghostscript CVE-2019-6116 (413d825a)
v3.7 lame CVE-2017-9410 (5e0c4c47)
v3.7 lame CVE-2017-9411 (5e0c4c47)
v3.7 lame CVE-2017-9412 (5e0c4c47)
v3.7 lame CVE-2015-9099 (5e0c4c47)
v3.7 openssl CVE-2017-3738 (81efcef4)
v3.7 php5 CVE-2018-5712 (89054feb)
v3.7 php7 CVE-2018-5712 (05c7db62)
v3.7 php7 CVE-2018-7584 (05c7db62)
v3.7 sdl CVE-2019-7577 (0b9593eb)
v3.7 wireshark CVE-2017-15191 (b277839a)
v3.7 wireshark CVE-2017-15192 (b277839a)
v3.7 wireshark CVE-2017-15193 (b277839a)
v3.7 wireshark CVE-2017-13765 (b277839a)
v3.7 wireshark CVE-2017-13766 (b277839a)
v3.7 wireshark CVE-2017-13767 (b277839a)
v3.8 exim CVE-2018-6789 (04e42b67)
v3.8 firefox-esr CVE-2017-7843 (268f75ea)
v3.8 ghostscript CVE-2019-6116 (5a4b02d3)
v3.8 lame CVE-2017-9410 (cd6dbbc5)
v3.8 lame CVE-2017-9411 (cd6dbbc5)
v3.8 lame CVE-2017-9412 (cd6dbbc5)
v3.8 lame CVE-2015-9099 (cd6dbbc5)
v3.8 openssl CVE-2017-3738 (90ac76e9)
v3.8 php5 CVE-2018-5712 (f86eadb4)
v3.8 samba CVE-2018-14629 (1ffd0c4c)
v3.8 sdl CVE-2019-7577 (14810256)
v3.8 sqlite CVE-2018-20346 (9001046c)
v3.8 sqlite CVE-2019-19242 (9001046c)
v3.8 wireshark CVE-2017-15191 (7feb5ee1)
v3.8 wireshark CVE-2017-15192 (7feb5ee1)
v3.8 wireshark CVE-2017-15193 (7feb5ee1)
v3.8 wireshark CVE-2017-13765 (7feb5ee1)
v3.8 wireshark CVE-2017-13766 (7feb5ee1)
v3.8 wireshark CVE-2017-13767 (7feb5ee1)
v3.9 exim CVE-2018-6789 (0a5dfd7f)
v3.9 firefox-esr CVE-2017-7843 (a2c80d00)
v3.9 ghostscript CVE-2019-6116 (038246e3)
v3.9 hostapd CVE-2017-13082 (d01d4710)
v3.9 lame CVE-2015-9099 (86cfc54b)
v3.9 lame CVE-2017-9410 (86cfc54b)
v3.9 lame CVE-2017-9411 (86cfc54b)
v3.9 lame CVE-2017-9412 (86cfc54b)
v3.9 libsndfile CVE-2018-19758 (e831cc1b)
v3.9 libvorbis CVE-2018-10393 (f45d0b27)
v3.9 samba CVE-2018-14629 (3bac040e)
v3.9 sdl CVE-2019-7577 (635f81bc)
v3.9 sqlite CVE-2019-19242 (357837f9)
v3.9 wireshark CVE-2017-15191 (e8d61b9a)
v3.9 wireshark CVE-2017-15192 (e8d61b9a)
v3.9 wireshark CVE-2017-15193 (e8d61b9a)
v3.9 wireshark CVE-2017-13765 (e8d61b9a)
v3.9 wireshark CVE-2017-13766 (e8d61b9a)
v3.9 wireshark CVE-2017-13767 (e8d61b9a)
v3.9 wpa_supplicant CVE-2017-13077 (e6b435d7)
v3.9 wpa_supplicant CVE-2017-13078 (e6b435d7)
v3.9 wpa_supplicant CVE-2017-13079 (e6b435d7)
v3.9 wpa_supplicant CVE-2017-13080 (e6b435d7)
v3.9 wpa_supplicant CVE-2017-13081 (e6b435d7)
v3.9 wpa_supplicant CVE-2017-13082 (e6b435d7)
v3.9 wpa_supplicant CVE-2017-13086 (e6b435d7)
v3.9 wpa_supplicant CVE-2017-13087 (e6b435d7)
v3.9 wpa_supplicant CVE-2017-13088 (e6b435d7)
v3.9 xen CVE-2019-19579,XSA-306 (bd0c62f6)
v3.10 busybox CVE-2019-5747 (cee91fd2)
v3.10 exim CVE-2018-6789 (8395de3d)
v3.10 firefox-esr CVE-2017-7843 (6b8eb050)
v3.10 ghostscript CVE-2019-6116 (174d3dcd)
v3.10 hostapd CVE-2017-13082 (74857956)
v3.10 lame CVE-2015-9099 (a57b3d9f)
v3.10 lame CVE-2017-9410 (a57b3d9f)
v3.10 lame CVE-2017-9411 (a57b3d9f)
v3.10 lame CVE-2017-9412 (a57b3d9f)
v3.10 libsndfile CVE-2018-19758 (d9c76cb0)
v3.10 libvorbis CVE-2018-10393 (18b62e40)
v3.10 rdesktop CVE-2018-20175 (06cd87d9)
v3.10 rdesktop CVE-2018-20176 (06cd87d9)
v3.10 samba CVE-2018-14629 (d43122c1)
v3.10 sdl CVE-2019-7577 (22f290af)
v3.10 sqlite CVE-2019-19242 (b513c7d9)
v3.10 unbound CVE-2020-12662 (7de63602)
v3.10 unbound CVE-2020-12663 (7de63602)
v3.10 wireshark CVE-2017-15191 (0ca6a6f0)
v3.10 wireshark CVE-2017-15192 (0ca6a6f0)
v3.10 wireshark CVE-2017-15193 (0ca6a6f0)
v3.10 wireshark CVE-2017-13765 (0ca6a6f0)
v3.10 wireshark CVE-2017-13766 (0ca6a6f0)
v3.10 wireshark CVE-2017-13767 (0ca6a6f0)
v3.10 wpa_supplicant CVE-2019-11555 (6104fab1)
v3.10 wpa_supplicant CVE-2017-13077 (db21cf64)
v3.10 wpa_supplicant CVE-2017-13078 (db21cf64)
v3.10 wpa_supplicant CVE-2017-13079 (db21cf64)
v3.10 wpa_supplicant CVE-2017-13080 (db21cf64)
v3.10 wpa_supplicant CVE-2017-13081 (db21cf64)
v3.10 wpa_supplicant CVE-2017-13082 (db21cf64)
v3.10 wpa_supplicant CVE-2017-13086 (db21cf64)
v3.10 wpa_supplicant CVE-2017-13087 (db21cf64)
v3.10 wpa_supplicant CVE-2017-13088 (db21cf64)
v3.11 busybox CVE-2019-5747 (5086c803)
v3.11 exim CVE-2018-6789 (73d689f0)
v3.11 firefox-esr CVE-2017-7843 (235d94b8)
v3.11 ghostscript CVE-2019-6116 (a7731895)
v3.11 hostapd CVE-2017-13082 (6d852c12)
v3.11 lame CVE-2015-9099 (4682ce00)
v3.11 lame CVE-2017-9410 (4682ce00)
v3.11 lame CVE-2017-9411 (4682ce00)
v3.11 lame CVE-2017-9412 (4682ce00)
v3.11 libsndfile CVE-2018-19758 (aba083c6)
v3.11 libvorbis CVE-2018-10393 (28c3640a)
v3.11 rdesktop CVE-2018-20175 (32b2d233)
v3.11 rdesktop CVE-2018-20176 (32b2d233)
v3.11 samba CVE-2018-14629 (ee1c2d92)
v3.11 sdl CVE-2019-7577 (f149d00e)
v3.11 sqlite CVE-2019-19242 (71fcdfce)
v3.11 tor CVE-2019-8955 (945ddd42)
v3.11 wireshark CVE-2017-13765 (062cbfcf)
v3.11 wireshark CVE-2017-13766 (062cbfcf)
v3.11 wireshark CVE-2017-13767 (062cbfcf)
v3.11 wireshark CVE-2017-15191 (062cbfcf)
v3.11 wireshark CVE-2017-15192 (062cbfcf)
v3.11 wireshark CVE-2017-15193 (062cbfcf)
v3.11 wpa_supplicant CVE-2019-11555 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13077 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13078 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13079 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13080 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13081 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13082 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13086 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13087 (e84bb0f6)
v3.11 wpa_supplicant CVE-2017-13088 (e84bb0f6)
v3.12 busybox CVE-2019-5747 (d674ed89)
v3.12 clamav CVE-2020-3123 (d674ed89)
v3.12 exim CVE-2018-6789 (8069e74a)
v3.12 firefox-esr CVE-2017-7843 (d674ed89)
v3.12 ghostscript CVE-2019-6116 (880b8f85)
v3.12 hostapd CVE-2017-13082 (d674ed89)
v3.12 lame CVE-2015-9099 (d674ed89)
v3.12 lame CVE-2017-9410 (d674ed89)
v3.12 lame CVE-2017-9411 (d674ed89)
v3.12 lame CVE-2017-9412 (d674ed89)
v3.12 libsndfile CVE-2018-19758 (d674ed89)
v3.12 libvorbis CVE-2018-10393 (d674ed89)
v3.12 rdesktop CVE-2018-20175 (d674ed89)
v3.12 rdesktop CVE-2018-20176 (d674ed89)
v3.12 samba CVE-2018-14629 (eeaffa45)
v3.12 sdl CVE-2019-7577 (d674ed89)
v3.12 sqlite CVE-2019-19242 (d674ed89)
v3.12 tor CVE-2019-8955 (d674ed89)
v3.12 wireshark CVE-2017-15191 (12743c84)
v3.12 wireshark CVE-2017-15192 (12743c84)
v3.12 wireshark CVE-2017-15193 (12743c84)
v3.12 wireshark CVE-2017-13765 (12743c84)
v3.12 wireshark CVE-2017-13766 (12743c84)
v3.12 wireshark CVE-2017-13767 (12743c84)
v3.12 wpa_supplicant CVE-2017-13077 (48fb8266)
v3.12 wpa_supplicant CVE-2017-13078 (48fb8266)
v3.12 wpa_supplicant CVE-2017-13079 (48fb8266)
v3.12 wpa_supplicant CVE-2017-13080 (48fb8266)
v3.12 wpa_supplicant CVE-2017-13081 (48fb8266)
v3.12 wpa_supplicant CVE-2017-13082 (48fb8266)
v3.12 wpa_supplicant CVE-2017-13086 (48fb8266)
v3.12 wpa_supplicant CVE-2017-13087 (48fb8266)
v3.12 wpa_supplicant CVE-2017-13088 (48fb8266)
v3.12 wpa_supplicant CVE-2019-11555 (48fb8266)

For the cases shown above, it isn't well defined which of the versions should be expected as the initial fixed version for the CVE. If you're able to fix those, that's great. Otherwise, if you're able to let us know which one we should treat as the initial fixed version, we can report the correct versions in Snyk.

As @ncopa suggested - #11912, it will be awesome if we could prevent this cases from happening at all - this would help us have more accurate and correct understanding of the security fixes 🙏

Thanks!

Hey @Leo @ncopa :wave:!

Following up from our chat on IRC, adding here all the cases we found that have the same CVE for different fixed version for a specific package

- [x] v3.3 openssl CVE-2017-3738 (fdbb0da20b1753c914ec6a875aba5f822ea14112)
- [x] v3.4 openssl CVE-2017-3738 (29180d09249debd2664515ab070994f786ea062c)
- [x] v3.4 php5 CVE-2018-5712 (da800bdf92b52780d530ccd62124244158fbc906)
- [x] v3.5 openssl CVE-2017-3738 (9dd91880b841901a329b7e6106e8fb8cbb18bf58)
- [x] v3.5 php5 CVE-2018-5712 (67c11dd3adcfbfd16efd92aefff956d134173819)
- [x] v3.5 php7 CVE-2018-5712 (df489246d9495cfe9a9f2f8788f27f409af7e1e2)
- [x] v3.6 bind CVE-2017-3145 (fa2e4d9ed31c04dfb86417c73c843c17548a70cb)
- [x] v3.6 bind CVE-2017-3142 (fa2e4d9ed31c04dfb86417c73c843c17548a70cb)
- [x] v3.6 bind CVE-2017-3143 (fa2e4d9ed31c04dfb86417c73c843c17548a70cb)
- [x] v3.6 ffmpeg CVE-2017-11665 (60935a48a04a4d44dcb85fbb77afe205b45a118a)
- [x] v3.6 ghostscript CVE-2019-6116 (8202374bff865de300bfb515aeda769c74e2934b)
- [x] v3.6 openssl CVE-2017-3738 (24a4091d7bad11126019af6e755e2bd1c4cec58c)
- [x] v3.6 php5 CVE-2018-5712 (3f847fb3ac68917f2ba63615e9896289467e7602)
- [x] v3.6 php7 CVE-2018-5712 (244815ceb1ccbd824a6546386b14c9c1709c4b70)
- [x] v3.6 wireshark CVE-2018-7335 (bd8ad1d0d3552d0c8388277af95353b144ad48c5)
- [x] v3.6 wireshark CVE-2018-7334 (bd8ad1d0d3552d0c8388277af95353b144ad48c5)
- [x] v3.6 wireshark CVE-2018-7336 (bd8ad1d0d3552d0c8388277af95353b144ad48c5)
- [x] v3.7 bind CVE-2017-3145 (cbc49e4fa030d37b162abb7a0f927f23b14bd7d2)
- [x] v3.7 firefox-esr CVE-2017-7843 (a56ee65a13ad08abc5912e99e53350607d9244b2)
- [x] v3.7 ghostscript CVE-2019-6116 (413d825a4dd91f1844be576faaf171d85c2e8dab)
- [x] v3.7 lame CVE-2017-9410 (5e0c4c47f361ded66a31cc95086051cfbaf72ecd)
- [x] v3.7 lame CVE-2017-9411 (5e0c4c47f361ded66a31cc95086051cfbaf72ecd)
- [x] v3.7 lame CVE-2017-9412 (5e0c4c47f361ded66a31cc95086051cfbaf72ecd)
- [x] v3.7 lame CVE-2015-9099 (5e0c4c47f361ded66a31cc95086051cfbaf72ecd)
- [x] v3.7 openssl CVE-2017-3738 (81efcef4e47735342ff6ec703342ceac612ab08e)
- [x] v3.7 php5 CVE-2018-5712 (89054febb84496a28c1fcd9e93cd4be07019cc5a)
- [x] v3.7 php7 CVE-2018-5712 (05c7db6273d283c074f592ecdfdb24962972d2f7)
- [x] v3.7 php7 CVE-2018-7584 (05c7db6273d283c074f592ecdfdb24962972d2f7)
- [x] v3.7 sdl CVE-2019-7577 (0b9593eb3e442f7ffc9637fdbc3b6b718de760a2)
- [x] v3.7 wireshark CVE-2017-15191 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-15192 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-15193 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-13765 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-13766 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.7 wireshark CVE-2017-13767 (b277839a4df972a168cfb297581f3b0bdb182b7c)
- [x] v3.8 exim CVE-2018-6789 (04e42b67607f27c9a9f0de508cb9a76b17545ae0)
- [x] v3.8 firefox-esr CVE-2017-7843 (268f75ea1dfff471bf223fba0006dd26e2d9db99)
- [x] v3.8 ghostscript CVE-2019-6116 (5a4b02d348f1cf28383716d57e9f6f5e01961533)
- [x] v3.8 lame CVE-2017-9410 (cd6dbbc5bd2c2e789a964eab886ca83208266cc8)
- [x] v3.8 lame CVE-2017-9411 (cd6dbbc5bd2c2e789a964eab886ca83208266cc8)
- [x] v3.8 lame CVE-2017-9412 (cd6dbbc5bd2c2e789a964eab886ca83208266cc8)
- [x] v3.8 lame CVE-2015-9099 (cd6dbbc5bd2c2e789a964eab886ca83208266cc8)
- [x] v3.8 openssl CVE-2017-3738 (90ac76e9e71f4c04f4d3272ccddbec73432b006c)
- [x] v3.8 php5 CVE-2018-5712 (f86eadb4774f574b4817a9478d105e6e46086409)
- [x] v3.8 samba CVE-2018-14629 (1ffd0c4cd3320861dc492dadab9b301ae46cf940)
- [x] v3.8 sdl CVE-2019-7577 (14810256dfb9a67456e1e5575d12f1da1b8c9363)
- [x] v3.8 sqlite CVE-2018-20346 (9001046cd0ab9384287ae19cabbe48da791fc228)
- [x] v3.8 sqlite CVE-2019-19242 (9001046cd0ab9384287ae19cabbe48da791fc228)
- [x] v3.8 wireshark CVE-2017-15191 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-15192 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-15193 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-13765 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-13766 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.8 wireshark CVE-2017-13767 (7feb5ee19fa812272eecbbe62f352e17f4139857)
- [x] v3.9 exim CVE-2018-6789 (0a5dfd7ffad2fb4f5afd7c3662b2fe0b7a9e4d1f)
- [x] v3.9 firefox-esr CVE-2017-7843 (a2c80d00ba77e9bc5d6409a89c7ba878edb1aa43)
- [x] v3.9 ghostscript CVE-2019-6116 (038246e38e3bfc238233a135099f18a6861748c7)
- [x] v3.9 hostapd CVE-2017-13082 (d01d4710894fca29153c206187cef34ecea5adba)
- [x] v3.9 lame CVE-2015-9099 (86cfc54be6e153f58d6cf07280ef42b9402d9621)
- [x] v3.9 lame CVE-2017-9410 (86cfc54be6e153f58d6cf07280ef42b9402d9621)
- [x] v3.9 lame CVE-2017-9411 (86cfc54be6e153f58d6cf07280ef42b9402d9621)
- [x] v3.9 lame CVE-2017-9412 (86cfc54be6e153f58d6cf07280ef42b9402d9621)
- [x] v3.9 libsndfile CVE-2018-19758 (e831cc1b68dcf8de4a10f48cb4024543ca0b190d)
- [x] v3.9 libvorbis CVE-2018-10393 (f45d0b27d75b5f5c7fd59fcf4a1d5ddb6bbddad5)
- [x] v3.9 samba CVE-2018-14629 (3bac040ea858e606f8542fe706179cebe880d322)
- [x] v3.9 sdl CVE-2019-7577 (635f81bc184683783db7e4075ff002bee6ee30f6)
- [x] v3.9 sqlite CVE-2019-19242 (357837f918f2af34d95f6d1412d9426c76e96ac0)
- [x] v3.9 wireshark CVE-2017-15191 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-15192 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-15193 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-13765 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-13766 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wireshark CVE-2017-13767 (e8d61b9ac40c4533c56336698e63d03a41be17f0)
- [x] v3.9 wpa_supplicant CVE-2017-13077 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13078 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13079 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13080 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13081 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13082 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13086 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13087 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 wpa_supplicant CVE-2017-13088 (e6b435d750a3e50ab3900fb961187c4bef094cab)
- [x] v3.9 xen CVE-2019-19579,XSA-306 (bd0c62f6b9c88da21a1df03c538b4ad5feae4ec1)
- [x] v3.10 busybox CVE-2019-5747 (cee91fd29b5ab25582daad5b656926434215c526)
- [x] v3.10 exim CVE-2018-6789 (8395de3dd337a1f7ba74e8912949259885838bd4)
- [x] v3.10 firefox-esr CVE-2017-7843 (6b8eb050897be275f01508a9b179df6e19d6e165)
- [x] v3.10 ghostscript CVE-2019-6116 (174d3dcdf9c57fff9b809bf4b85b34611bc5ca26)
- [x] v3.10 hostapd CVE-2017-13082 (7485795662c9ff3143ea1ad1f01ac62e54c98e42)
- [x] v3.10 lame CVE-2015-9099 (a57b3d9fc5e242b95282e0cf9fcb25fc94cdd58c)
- [x] v3.10 lame CVE-2017-9410 (a57b3d9fc5e242b95282e0cf9fcb25fc94cdd58c)
- [x] v3.10 lame CVE-2017-9411 (a57b3d9fc5e242b95282e0cf9fcb25fc94cdd58c)
- [x] v3.10 lame CVE-2017-9412 (a57b3d9fc5e242b95282e0cf9fcb25fc94cdd58c)
- [x] v3.10 libsndfile CVE-2018-19758 (d9c76cb0a3f5dc6d772c077670c54c8d426f22ab)
- [x] v3.10 libvorbis CVE-2018-10393 (18b62e4064585644169ba78b1e822eeeb1700b88)
- [x] v3.10 rdesktop CVE-2018-20175 (06cd87d9668cd50e0cce527675e0a4a957880bc6)
- [x] v3.10 rdesktop CVE-2018-20176 (06cd87d9668cd50e0cce527675e0a4a957880bc6)
- [x] v3.10 samba CVE-2018-14629 (d43122c11e9d50586a5da728cf0ca1668e315565)
- [x] v3.10 sdl CVE-2019-7577 (22f290af7ffbdf9e944110770b93d2b4b9870637)
- [x] v3.10 sqlite CVE-2019-19242 (b513c7d94bb3d9a92ab2fe7f8a7be4ee7cd4d960)
- [x] v3.10 unbound CVE-2020-12662 (7de636025945747f96f6f7c384e1fb718330140b)
- [x] v3.10 unbound CVE-2020-12663 (7de636025945747f96f6f7c384e1fb718330140b)
- [x] v3.10 wireshark CVE-2017-15191 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-15192 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-15193 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-13765 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-13766 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wireshark CVE-2017-13767 (0ca6a6f01202d2ce391c6e9fb774e73991ac20b9)
- [x] v3.10 wpa_supplicant CVE-2019-11555 (6104fab14e0d4f9fc3a1856ccd610db3e5a5f966)
- [x] v3.10 wpa_supplicant CVE-2017-13077 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13078 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13079 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13080 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13081 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13082 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13086 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13087 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.10 wpa_supplicant CVE-2017-13088 (db21cf64c65c55907e7fbc209202ff434701b5ff)
- [x] v3.11 busybox CVE-2019-5747 (5086c803952ad718b70b4dce8db0106d6de69a3f)
- [x] v3.11 exim CVE-2018-6789 (73d689f0582595d9ac3a51ef7a28fc8cba82db95)
- [x] v3.11 firefox-esr CVE-2017-7843 (235d94b82a05a7014c9efe904ba1ada934370d2d)
- [x] v3.11 ghostscript CVE-2019-6116 (a77318953d9b30f1d20efd372749e0e1adaf316e)
- [x] v3.11 hostapd CVE-2017-13082 (6d852c12b2c390bcf558cb649d9ed89a5a3c06a8)
- [x] v3.11 lame CVE-2015-9099 (4682ce00611e4a9d1a77a815c767ffe85e4c55e5)
- [x] v3.11 lame CVE-2017-9410 (4682ce00611e4a9d1a77a815c767ffe85e4c55e5)
- [x] v3.11 lame CVE-2017-9411 (4682ce00611e4a9d1a77a815c767ffe85e4c55e5)
- [x] v3.11 lame CVE-2017-9412 (4682ce00611e4a9d1a77a815c767ffe85e4c55e5)
- [x] v3.11 libsndfile CVE-2018-19758 (aba083c6205d4219a5226f0f483e1a)
- [x] v3.11 libvorbis CVE-2018-10393 (28c3640a4801f078d04351861dad3e6a4bb071d7)
- [x] v3.11 rdesktop CVE-2018-20175 (32b2d233fc49232cfa743617a4bd9f8c281b73d8)
- [x] v3.11 rdesktop CVE-2018-20176 (32b2d233fc49232cfa743617a4bd9f8c281b73d8)
- [x] v3.11 samba CVE-2018-14629 (ee1c2d92411b942f6c51608657045f11cf497f5f)
- [x] v3.11 sdl CVE-2019-7577 (f149d00ef4ae06d6537aee912a58019fd6d0b4c5)
- [x] v3.11 sqlite CVE-2019-19242 (71fcdfce7595c5e8e9ccc486ba1bb762994cdbba)
- [x] v3.11 tor CVE-2019-8955 (945ddd429b5fbf78ba4c02b2ff22ff99d6ed76f4)
- [x] v3.11 wireshark CVE-2017-13765 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-13766 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-13767 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-15191 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-15192 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wireshark CVE-2017-15193 (062cbfcf5e43e95e5ba75cdd42cedde267b9da75)
- [x] v3.11 wpa_supplicant CVE-2019-11555 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13077 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13078 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13079 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13080 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13081 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13082 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13086 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13087 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.11 wpa_supplicant CVE-2017-13088 (e84bb0f63001de2582817c717f64bf75c58ba297)
- [x] v3.12 busybox CVE-2019-5747 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 clamav CVE-2020-3123 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 exim CVE-2018-6789 (8069e74a2a50bf3a85175552330814017ddd7d50)
- [x] v3.12 firefox-esr CVE-2017-7843 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 ghostscript CVE-2019-6116 (880b8f85d82cd930babae4443e52beaa6b8e38b7)
- [x] v3.12 hostapd CVE-2017-13082 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 lame CVE-2015-9099 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 lame CVE-2017-9410 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 lame CVE-2017-9411 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 lame CVE-2017-9412 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 libsndfile CVE-2018-19758 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 libvorbis CVE-2018-10393 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 rdesktop CVE-2018-20175 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 rdesktop CVE-2018-20176 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 samba CVE-2018-14629 (eeaffa453f2c3f950ef79845278efe7a13d9b960)
- [x] v3.12 sdl CVE-2019-7577 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 sqlite CVE-2019-19242 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 tor CVE-2019-8955 (d674ed89f91ccc24468e27d5dcde264eb734f58c)
- [x] v3.12 wireshark CVE-2017-15191 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-15192 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-15193 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-13765 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-13766 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wireshark CVE-2017-13767 (12743c84c36f8ee831979e5d9cfbc7a49d063fab)
- [x] v3.12 wpa_supplicant CVE-2017-13077 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13078 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13079 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13080 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13081 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13082 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13086 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13087 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2017-13088 (48fb8266320f52c98c5d0d62836c03dbd242072e)
- [x] v3.12 wpa_supplicant CVE-2019-11555 (48fb8266320f52c98c5d0d62836c03dbd242072e)

For the cases shown above, it isn't well defined which of the versions should be expected as the initial fixed version for the CVE. 
If you're able to fix those, that's great. Otherwise, if you're able to let us know which one we should treat as the initial fixed version, we can report the correct versions in Snyk.

As @ncopa suggested - https://gitlab.alpinelinux.org/alpine/aports/-/issues/11912, it will be awesome if we could prevent this cases from happening at all - this would help us have more accurate and correct understanding of the security fixes :pray:

Thanks!

Edited Oct 20, 2020 by Natanael Copa

To upload designs, you'll need to enable LFS. More information

Assignee

Assign to

None

Milestone

None

Assign milestone

Time tracking

None

Due date

None

Labels

None

Assign labels

View project labels

Reference: alpine/aports#11914