security-advisories
security-advisories copied to clipboard
haskell
Once the system is in place, creates an issue for https://github.com/github/advisory-database#sources .
Mandatory information: * Package : https://hackage.haskell.org/package/libyaml-clib * cvss: 3.1 * affected versions: all up to 0.2.5 Upstream discussion: https://github.com/yaml/libyaml/issues/289
--- ## hsec-tools - [x] Previous advisories are still valid
Mandatory information: * Package : I think the most notable are `memory`, `foundation`, `basement` * cvss: 8 * affected versions: Latest, and given that the packages are abandoned, no new...
## Summary it would be good to offer the tools provided in this repository as a package on hackage. For cabal-audit, Jude Taylor is asking me to whom they should...
## Summary It would be nice to have a `cabal` integration, like `cabal audit` that can build a report for a cabal package, now that you can write plugins for...
The fact we use the Git history to deduce the *published* and *modified* date fields is non-obvious and can confuse users, because parsing our advisory content will fail if they...
## Summary it would be good to have the `Advisory` type point back to the repository it stems from; reason being that 1. we would like to refer to an...
Downstream tools need to retrieve, cache and process advisory data. Syncing our Git repo is one way to do it, but - Our repo contains tool code and other SRT...
## Summary CVSS 4.0 is here, and already supported by OSV. Add support for it in our cvss lib and hsec-tools.