Add support for globally suppressing CVEs #105

Open
kaniini opened this issue Jul 24, 2023 · 2 comments
Labels
enhancement New feature or request

Collaborator

kaniini commented Jul 24, 2023

Description

There are a lot of CVEs, such as CVE-2023-35116, where we will just want to suppress them across all packages. Presently, we have to do this in every single package we want to NAK the CVE in, but being able to do it in all packages would be helpful.

It might be worth extending the secfixes feed for this.

kaniini added the enhancement (New feature or request) label Jul 24, 2023

Collaborator

luhring commented Jul 30, 2023

Interesting idea. Can you expand on the problem scenario a bit? What about the CVE is such that we'd want to NAK it for every package?

Collaborator Author

kaniini commented Jul 31, 2023

ReDoS type vulnerabilities for one, disputed vulnerabilities like the one I specified above also.
