griefith/test2
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

CVE checker: Update remarks for latest version

Browse Source 
The mnemonic for the remark Ignored has been split into False Positive
and Not Affected in the recent version of cve_bin_tool, preventing it
from properly parsing the CVS file and not being able to do proper
report.

Use Not Affected, as it is seems to be the closest to what Ignored was
used for in our case.

Pull Request: https://projects.blender.org/blender/blender/pulls/125645
This commit is contained in:
Sergey Sharybin
2024-08-01 10:30:33 +02:00
committed by Sergey Sharybin
parent 7b8640896e
commit 80bf51be27
1 changed files with 35 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

70
build_files/build_environment/cmake/cve_check.csv.in
View File

@@ -1,38 +1,38 @@
vendor,product,version,cve_number,remarks,comment
@OPENJPEG_ID@,CVE-2016-9675,Ignored,issue in convert command line tool not used by blender
@PYTHON_ID@,CVE-2009-2940,Ignored,issue in pygresql not used by blender
@PYTHON_ID@,CVE-2020-29396,Ignored,issue in odoo not used by blender
@PYTHON_ID@,CVE-2021-32052,Ignored,issue in django not used by blender
@PYTHON_ID@,CVE-2009-3720,Ignored,already fixed in libexpat version used
@PYTHON_ID@,CVE-2023-36632,Ignored,not used in blender and not considered a bug upstream
@PYTHON_ID@,CVE-2023-27043,Ignored,not used in blender
@SSL_ID@,CVE-2009-1390,Ignored,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3765,Ignored,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3766,Ignored,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3767,Ignored,issue in ldap not used by blender
@SSL_ID@,CVE-2019-0190,Ignored,issue in apache not used by blender
@TIFF_ID@,CVE-2022-2056,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2057,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2058,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2519,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2520,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2521,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2953,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-34526,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3570,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3597,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3598,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3599,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3626,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3627,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2023-40745,Ignored,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2023-41175,Ignored,issue in tiff command line tool not used by blender
@XML2_ID@,CVE-2016-3709,Ignored,not affecting blender and not considered a security issue upstream
@XML2_ID@,CVE-2023-39615,Ignored,not affecting blender and not considered a security issue upstream
@XML2_ID@,CVE-2020-7595,Ignored,already fixed in the libxml2 version used
@OPENJPEG_ID@,CVE-2016-9675,NotAffected,issue in convert command line tool not used by blender
@PYTHON_ID@,CVE-2009-2940,NotAffected,issue in pygresql not used by blender
@PYTHON_ID@,CVE-2020-29396,NotAffected,issue in odoo not used by blender
@PYTHON_ID@,CVE-2021-32052,NotAffected,issue in django not used by blender
@PYTHON_ID@,CVE-2009-3720,NotAffected,already fixed in libexpat version used
@PYTHON_ID@,CVE-2023-36632,NotAffected,not used in blender and not considered a bug upstream
@PYTHON_ID@,CVE-2023-27043,NotAffected,not used in blender
@SSL_ID@,CVE-2009-1390,NotAffected,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3765,NotAffected,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3766,NotAffected,issue in mutt not used by blender
@SSL_ID@,CVE-2009-3767,NotAffected,issue in ldap not used by blender
@SSL_ID@,CVE-2019-0190,NotAffected,issue in apache not used by blender
@TIFF_ID@,CVE-2022-2056,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2057,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2058,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2519,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2520,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2521,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-2953,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-34526,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3570,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3597,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3598,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3599,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3626,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2022-3627,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2023-40745,NotAffected,issue in tiff command line tool not used by blender
@TIFF_ID@,CVE-2023-41175,NotAffected,issue in tiff command line tool not used by blender
@XML2_ID@,CVE-2016-3709,NotAffected,not affecting blender and not considered a security issue upstream
@XML2_ID@,CVE-2023-39615,NotAffected,not affecting blender and not considered a security issue upstream
@XML2_ID@,CVE-2020-7595,NotAffected,already fixed in the libxml2 version used
@GMP_ID@,CVE-2021-43618,Mitigated,patched using upstream commit 561a9c25298e
@SQLITE_ID@,CVE-2022-35737,Ignored,only affects SQLITE_ENABLE_STAT4 compile option not used by blender or python
@SQLITE_ID@,CVE-2023-7104,Ignored,does not affect blender use of sqlite
@SQLITE_ID@,CVE-2024-0232,Ignored,does not affect blender use of sqlite
@ZLIB_ID@,CVE-2023-45853,Ignored,only affects minizip not used by blender
@SQLITE_ID@,CVE-2022-35737,NotAffected,only affects SQLITE_ENABLE_STAT4 compile option not used by blender or python
@SQLITE_ID@,CVE-2023-7104,NotAffected,does not affect blender use of sqlite
@SQLITE_ID@,CVE-2024-0232,NotAffected,does not affect blender use of sqlite
@ZLIB_ID@,CVE-2023-45853,NotAffected,only affects minizip not used by blender
@SBOMCONTENTS@