Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Entry for gdata ParseExcel vulnerability #12

Merged
merged 5 commits into from
Jan 4, 2024

Conversation

MichaelChirico
Copy link
Contributor

Closes #11

@MichaelChirico
Copy link
Contributor Author

cc @tylfin I'm not sure the formatting requirements. I was mainly confused about how to define fixed, should it be the last broken version or the first fixed version? I assumed the latter, but then should that version be included in versions array as well?

vulns/gdata/RSEC-2023-9.yaml Outdated Show resolved Hide resolved
@tylfin
Copy link
Collaborator

tylfin commented Jan 4, 2024

@MichaelChirico Thanks for adding this, the fixed version should be the first version in which the vulnerability no longer appears, and that version should not appear in the versions list (as these are the affected versions). More on this format available here: https://ossf.github.io/osv-schema/

vulns/gdata/RSEC-2023-9.yaml Outdated Show resolved Hide resolved
@tylfin tylfin merged commit a80f6bf into RConsortium:main Jan 4, 2024
1 check passed
@MichaelChirico MichaelChirico deleted the gdata-vuln branch January 5, 2024 03:00
@MichaelChirico
Copy link
Contributor Author

Thanks for wrapping this up Tyler!!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Some gdata versions affected by CVE on bundled Perl script
2 participants