Not the same data when using `pkg audit --raw=json` with `-q` and without
Hi,
I have a script that collects the `pkg audit` output in JSON format for my monitoring tool, which then creates tickets from it.
pkg version 1.20.9 on FreeBSD 13.2
It uses -F to force a fresh fetch of the vulnerability database, to be sure it is up to date:
/usr/local/sbin/pkg audit -F --raw=json-compact -q
With -q, I get only the JSON data and no other text.
But the JSON is not the same (not the same list of CVEs) when I run the same command without -q. In the -q output each affected package appears to report only its first issue (issue_count is 1), so the later VuXML entries — and the CVEs they carry — never reach the monitoring tool. Anyone feeding `pkg audit -q --raw=json` into an alerting pipeline should not rely on it until this is fixed, or should at least cross-check against the non-quiet output.
Here are the two outputs (I use --raw=json here so they are more readable). Compare the gitlab-ce entry — issue_count 1 versus 6 — and also rubygem-rack16, which drops from 3 issues to 1:
# /usr/local/sbin/pkg audit --raw=json -q
{
"pkg_count": 6,
"packages": {
"c-ares": {
"version": "1.21.0",
"issue_count": 1,
"issues": [
{
"Affected versions": [
"< 1.27.0"
],
"description": "dns/c-ares -- malformatted file causes application crash",
"cve": [
"CVE-2024-25629"
],
"url": "https://vuxml.FreeBSD.org/freebsd/255bf44c-d298-11ee-9c27-40b034429ecf.html"
}
],
"reverse dependencies": [
"node20",
"rubygem-execjs",
"rubygem-autoprefixer-rails1025",
"gitlab-ce",
"rubygem-terser",
"rubygem-uglifier",
"yarn-node20",
"yarn",
"rubygem-grpc",
"rubygem-gapic-common",
"rubygem-google-cloud-profiler-v2",
"rubygem-gitlab-labkit",
"rubygem-kas-grpc",
"rubygem-gitaly",
"rubygem-spamcheck",
"rubygem-googleapis-common-protos",
"grpc"
]
},
"libgit2": {
"version": "1.6.4",
"issue_count": 1,
"issues": [
{
"Affected versions": [
"< 1.6.5",
">= 1.7.0 : < 1.7.2"
],
"description": "Libgit2 -- multiple vulnerabilities",
"cve": [
"CVE-2024-24577"
],
"url": "https://vuxml.FreeBSD.org/freebsd/43768ff3-c683-11ee-97d0-001b217b3468.html"
}
],
"reverse dependencies": [
"rubygem-rugged",
"gitlab-ce",
"rubygem-licensee"
]
},
"gitlab-ce": {
"version": "16.5.1_2",
"issue_count": 1,
"issues": [
{
"Affected versions": [
">= 8.13.0 : < 16.4.3",
">= 16.5.0 : < 16.5.3",
">= 16.6.0 : < 16.6.1"
],
"description": "Gitlab -- Vulnerabilities",
"cve": [
"CVE-2023-3443",
"CVE-2023-4658",
"CVE-2023-3964",
"CVE-2023-4317",
"CVE-2023-4912",
"CVE-2023-5995",
"CVE-2023-5226",
"CVE-2023-3949",
"CVE-2023-6396",
"CVE-2023-6033"
],
"url": "https://vuxml.FreeBSD.org/freebsd/3b14b2b4-9014-11ee-98b3-001b217b3468.html"
}
],
"reverse dependencies": [
]
},
"openexr": {
"version": "3.2.1",
"issue_count": 1,
"issues": [
{
"Affected versions": [
">= 3.2.0 : < 3.2.2",
"< 3.1.12"
],
"description": "openexr -- Heap Overflow in Scanline Deep Data Parsing",
"cve": [
"CVE-2023-5841"
],
"url": "https://vuxml.FreeBSD.org/freebsd/f161a5ad-c9bd-11ee-b7a7-353f1e043d9a.html"
}
],
"reverse dependencies": [
"vips",
"rubygem-ruby-vips",
"rubygem-image_processing",
"rubygem-rails70",
"gitlab-ce",
"rubygem-gettext_i18n_rails_js-rails70",
"rubygem-invisible_captcha",
"ImageMagick7",
"rubygem-mini_magick410",
"rubygem-mini_magick",
"libjxl",
"ffmpeg",
"libheif",
"aom"
]
},
"rubygem-rack16": {
"version": "1.6.13",
"issue_count": 1,
"issues": [
{
"Affected versions": [
"< 1.6.14"
],
"description": "rack -- Multiple vulnerabilities",
"cve": [
"CVE-2022-44572",
"CVE-2022-44571",
"CVE-2022-44570"
],
"url": "https://vuxml.FreeBSD.org/freebsd/95176ba5-9796-11ed-bfbf-080027f5fec9.html"
}
],
"reverse dependencies": [
"rubygem-request_store",
"gitlab-ce",
"rubygem-gon-rails70",
"rubygem-lograge-rails70",
"rubygem-gitlab-experiment",
"rubygem-rack-test",
"rubygem-actionpack70",
"rubygem-redis-actionpack-rails70",
"rubygem-gitlab-labkit",
"rubygem-apollo_upload_server",
"rubygem-marginalia",
"rubygem-rails70",
"rubygem-gettext_i18n_rails_js-rails70",
"rubygem-invisible_captcha",
"rubygem-turbo-rails-rails70",
"rubygem-propshaft-rails70",
"rubygem-responders-rails70",
"rubygem-devise48-rails70",
"rubygem-devise-rails70",
"rubygem-devise-two-factor41-rails70",
"rubygem-actiontext70",
"rubygem-actionmailbox70",
"rubygem-importmap-rails-rails70",
"rubygem-actioncable70",
"rubygem-actionmailer70",
"rubygem-premailer-rails110-rails70",
"rubygem-sprockets-rails-rails70",
"rubygem-sassc-rails-rails70",
"rubygem-graphiql-rails",
"rubygem-activestorage70",
"rubygem-railties70",
"rubygem-peek-rails70",
"rubygem-rails-i18n-rails70",
"rubygem-vite_rails-rails70",
"rubygem-health_check-rails70",
"rubygem-sentry-rails",
"rubygem-doorkeeper-rails70",
"rubygem-doorkeeper-openid_connect",
"rubygem-jsbundling-rails-rails70",
"rubygem-cssbundling-rails-rails70",
"rubygem-tailwindcss-rails-rails70",
"rubygem-stimulus-rails-rails70",
"rubygem-capybara"
]
},
"curl": {
"version": "8.4.0",
"issue_count": 1,
"issues": [
{
"Affected versions": [
"< 8.6.0"
],
"description": "curl -- OCSP verification bypass with TLS session reuse",
"cve": [
"CVE-2024-0853"
],
"url": "https://vuxml.FreeBSD.org/freebsd/02e33cd1-c655-11ee-8613-08002784c58d.html"
}
],
"reverse dependencies": [
"rust",
"zabbix6-agent",
"git",
"gitlab-ce",
"gitaly",
"rubygem-git",
"rubygem-danger",
"rubygem-gitlab-dangerfiles",
"rubygem-danger-gitlab",
"cfitsio",
"vips",
"rubygem-ruby-vips",
"rubygem-image_processing",
"rubygem-rails70",
"rubygem-gettext_i18n_rails_js-rails70",
"rubygem-invisible_captcha",
"rubygem-ethon",
"rubygem-typhoeus"
]
}
}
}
# /usr/local/sbin/pkg audit --raw=json
{
"pkg_count": 6,
"packages": {
"c-ares": {
"version": "1.21.0",
"issue_count": 1,
"issues": [
{
"Affected versions": [
"< 1.27.0"
],
"description": "dns/c-ares -- malformatted file causes application crash",
"cve": [
"CVE-2024-25629"
],
"url": "https://vuxml.FreeBSD.org/freebsd/255bf44c-d298-11ee-9c27-40b034429ecf.html"
}
],
"reverse dependencies": [
"node20",
"rubygem-execjs",
"rubygem-autoprefixer-rails1025",
"gitlab-ce",
"rubygem-terser",
"rubygem-uglifier",
"yarn-node20",
"yarn",
"rubygem-grpc",
"rubygem-gapic-common",
"rubygem-google-cloud-profiler-v2",
"rubygem-gitlab-labkit",
"rubygem-kas-grpc",
"rubygem-gitaly",
"rubygem-spamcheck",
"rubygem-googleapis-common-protos",
"grpc"
]
},
"libgit2": {
"version": "1.6.4",
"issue_count": 1,
"issues": [
{
"Affected versions": [
"< 1.6.5",
">= 1.7.0 : < 1.7.2"
],
"description": "Libgit2 -- multiple vulnerabilities",
"cve": [
"CVE-2024-24577"
],
"url": "https://vuxml.FreeBSD.org/freebsd/43768ff3-c683-11ee-97d0-001b217b3468.html"
}
],
"reverse dependencies": [
"rubygem-rugged",
"gitlab-ce",
"rubygem-licensee"
]
},
"gitlab-ce": {
"version": "16.5.1_2",
"issue_count": 6,
"issues": [
{
"Affected versions": [
">= 8.13.0 : < 16.4.3",
">= 16.5.0 : < 16.5.3",
">= 16.6.0 : < 16.6.1"
],
"description": "Gitlab -- Vulnerabilities",
"cve": [
"CVE-2023-3443",
"CVE-2023-4658",
"CVE-2023-3964",
"CVE-2023-4317",
"CVE-2023-4912",
"CVE-2023-5995",
"CVE-2023-5226",
"CVE-2023-3949",
"CVE-2023-6396",
"CVE-2023-6033"
],
"url": "https://vuxml.FreeBSD.org/freebsd/3b14b2b4-9014-11ee-98b3-001b217b3468.html"
},
{
"Affected versions": [
">= 8.17.0 : < 16.4.4",
">= 16.5.0 : < 16.5.4",
">= 16.6.0 : < 16.6.2"
],
"description": "Gitlab -- vulnerabilities",
"cve": [
"CVE-2023-3511",
"CVE-2023-5061",
"CVE-2023-3904",
"CVE-2023-5512",
"CVE-2023-3907",
"CVE-2023-6051",
"CVE-2023-6564",
"CVE-2023-6680"
],
"url": "https://vuxml.FreeBSD.org/freebsd/e2fb85ce-9a3c-11ee-af26-001b217b3468.html"
},
{
"Affected versions": [
">= 8.13.0 : < 16.5.6",
">= 16.6.0 : < 16.6.4",
">= 16.7.0 : < 16.7.2"
],
"description": "Gitlab -- vulnerabilities",
"cve": [
"CVE-2023-2030",
"CVE-2023-6955",
"CVE-2023-4812",
"CVE-2023-5356",
"CVE-2023-7028"
],
"url": "https://vuxml.FreeBSD.org/freebsd/4c8c2218-b120-11ee-90ec-001b217b3468.html"
},
{
"Affected versions": [
">= 11.3.0 : < 16.7.6",
">= 16.8.0 : < 16.8.3",
">= 16.9.0 : < 16.9.1"
],
"description": "Gitlab -- Vulnerabilities",
"cve": [
"CVE-2024-0410",
"CVE-2023-3509",
"CVE-2024-0861",
"CVE-2023-4895",
"CVE-2024-1525",
"CVE-2023-6736",
"CVE-2023-6477",
"CVE-2024-1451"
],
"url": "https://vuxml.FreeBSD.org/freebsd/03bf5157-d145-11ee-acee-001b217b3468.html"
},
{
"Affected versions": [
">= 12.7.0 : < 16.5.8",
">= 16.6.0 : < 16.6.6",
">= 16.7.0 : < 16.7.4",
">= 16.8.0 : < 16.8.1"
],
"description": "Gitlab -- vulnerabilities",
"cve": [
"CVE-2024-0456",
"CVE-2023-5612",
"CVE-2023-5933",
"CVE-2023-6159",
"CVE-2024-0402"
],
"url": "https://vuxml.FreeBSD.org/freebsd/61fe903b-bc2e-11ee-b06e-001b217b3468.html"
},
{
"Affected versions": [
">= 13.3.0 : < 16.6.7",
">= 16.7.0 : < 16.7.5",
">= 16.8.0 : < 16.8.2"
],
"description": "Gitlab -- vulnerabilities",
"cve": [
"CVE-2024-1066",
"CVE-2023-6386",
"CVE-2023-6840",
"CVE-2024-1250"
],
"url": "https://vuxml.FreeBSD.org/freebsd/6b2cba6a-c6a5-11ee-97d0-001b217b3468.html"
}
],
"reverse dependencies": [
]
},
"openexr": {
"version": "3.2.1",
"issue_count": 1,
"issues": [
{
"Affected versions": [
">= 3.2.0 : < 3.2.2",
"< 3.1.12"
],
"description": "openexr -- Heap Overflow in Scanline Deep Data Parsing",
"cve": [
"CVE-2023-5841"
],
"url": "https://vuxml.FreeBSD.org/freebsd/f161a5ad-c9bd-11ee-b7a7-353f1e043d9a.html"
}
],
"reverse dependencies": [
"vips",
"rubygem-ruby-vips",
"rubygem-image_processing",
"rubygem-rails70",
"gitlab-ce",
"rubygem-gettext_i18n_rails_js-rails70",
"rubygem-invisible_captcha",
"ImageMagick7",
"rubygem-mini_magick410",
"rubygem-mini_magick",
"libjxl",
"ffmpeg",
"libheif",
"aom"
]
},
"rubygem-rack16": {
"version": "1.6.13",
"issue_count": 3,
"issues": [
{
"Affected versions": [
"< 1.6.14"
],
"description": "rack -- Multiple vulnerabilities",
"cve": [
"CVE-2022-44572",
"CVE-2022-44571",
"CVE-2022-44570"
],
"url": "https://vuxml.FreeBSD.org/freebsd/95176ba5-9796-11ed-bfbf-080027f5fec9.html"
},
{
"Affected versions": [
"< 1.6.14"
],
"description": "rack -- possible DoS vulnerability in multipart MIME parsing",
"cve": [
"CVE-2023-27530"
],
"url": "https://vuxml.FreeBSD.org/freebsd/f0798a6a-bbdb-11ed-ba99-080027f5fec9.html"
},
{
"Affected versions": [
"< 1.6.14"
],
"description": "rack -- possible denial of service vulnerability in header parsing",
"cve": [
"CVE-2023-27539"
],
"url": "https://vuxml.FreeBSD.org/freebsd/2fdb053c-ca25-11ed-9d7e-080027f5fec9.html"
}
],
"reverse dependencies": [
"rubygem-request_store",
"gitlab-ce",
"rubygem-gon-rails70",
"rubygem-lograge-rails70",
"rubygem-gitlab-experiment",
"rubygem-rack-test",
"rubygem-actionpack70",
"rubygem-redis-actionpack-rails70",
"rubygem-gitlab-labkit",
"rubygem-apollo_upload_server",
"rubygem-marginalia",
"rubygem-rails70",
"rubygem-gettext_i18n_rails_js-rails70",
"rubygem-invisible_captcha",
"rubygem-turbo-rails-rails70",
"rubygem-propshaft-rails70",
"rubygem-responders-rails70",
"rubygem-devise48-rails70",
"rubygem-devise-rails70",
"rubygem-devise-two-factor41-rails70",
"rubygem-actiontext70",
"rubygem-actionmailbox70",
"rubygem-importmap-rails-rails70",
"rubygem-actioncable70",
"rubygem-actionmailer70",
"rubygem-premailer-rails110-rails70",
"rubygem-sprockets-rails-rails70",
"rubygem-sassc-rails-rails70",
"rubygem-graphiql-rails",
"rubygem-activestorage70",
"rubygem-railties70",
"rubygem-peek-rails70",
"rubygem-rails-i18n-rails70",
"rubygem-vite_rails-rails70",
"rubygem-health_check-rails70",
"rubygem-sentry-rails",
"rubygem-doorkeeper-rails70",
"rubygem-doorkeeper-openid_connect",
"rubygem-jsbundling-rails-rails70",
"rubygem-cssbundling-rails-rails70",
"rubygem-tailwindcss-rails-rails70",
"rubygem-stimulus-rails-rails70",
"rubygem-capybara"
]
},
"curl": {
"version": "8.4.0",
"issue_count": 1,
"issues": [
{
"Affected versions": [
"< 8.6.0"
],
"description": "curl -- OCSP verification bypass with TLS session reuse",
"cve": [
"CVE-2024-0853"
],
"url": "https://vuxml.FreeBSD.org/freebsd/02e33cd1-c655-11ee-8613-08002784c58d.html"
}
],
"reverse dependencies": [
"rust",
"zabbix6-agent",
"git",
"gitlab-ce",
"gitaly",
"rubygem-git",
"rubygem-danger",
"rubygem-gitlab-dangerfiles",
"rubygem-danger-gitlab",
"cfitsio",
"vips",
"rubygem-ruby-vips",
"rubygem-image_processing",
"rubygem-rails70",
"rubygem-gettext_i18n_rails_js-rails70",
"rubygem-invisible_captcha",
"rubygem-ethon",
"rubygem-typhoeus"
]
}
}
}
Without the -q option, pkg audit can print significantly more information; -q is generally there to suppress the extra hints, but it should not change the content of the JSON payload itself.
See: 1 and 2
But I'm not exactly sure, as I didn't try to reproduce this with GitLab or with packages that have many vulnerabilities listed...
It has been fixed in the meantime.