
High vulnerabilities detected within the latest version

Open Blackoutzz opened this issue 2 months ago • 2 comments

The latest package/release 7.1.1 seems to leverage stdlib v1.24.5, which contains vulnerabilities that are flagged by my CI. It would be great if a repackage could be done just to update / patch those.

Image

Blackoutzz, Oct 25 '25 18:10

Neither of those CVEs appear to affect geoipupdate. We don't use LookPath nor database/sql.

oschwald, Oct 28 '25 14:10

> Neither of those CVEs appear to affect geoipupdate. We don't use LookPath nor database/sql.

That's totally true, but it creates false positives due to "stdlib" having a vulnerable version.

Blackoutzz avatar Oct 29 '25 21:10 Blackoutzz
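
The exchange above turns on whether the flagged stdlib symbols are referenced by the code at all, rather than on the stdlib version alone. As an added example (not code from geoipupdate or from this thread), the Go program below parses a source file and reports direct references to `os/exec` `LookPath` and imports of `database/sql`; `FindFlaggedUses` and `sampleSrc` are hypothetical names, and the sample source is constructed.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"strconv"
)

// sampleSrc is constructed for this example; it is not geoipupdate code.
const sampleSrc = `package demo
import "database/sql"
import osexec "os/exec"
func find() (string, error) { return osexec.LookPath("tool") }
`

// FindFlaggedUses reports direct references in one source file to the two stdlib
// surfaces named in the thread. Calls made inside stdlib or dependencies are not followed.
func FindFlaggedUses(src string) ([]string, error) {
	fset := token.NewFileSet()
	f, err := parser.ParseFile(fset, "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var hits []string
	execName := "" // local identifier bound to os/exec, if imported
	for _, imp := range f.Imports {
		switch path, _ := strconv.Unquote(imp.Path.Value); {
		case path == "database/sql":
			hits = append(hits, "imports database/sql")
		case path == "os/exec" && imp.Name != nil:
			execName = imp.Name.Name // aliased import
		case path == "os/exec":
			execName = "exec"
		}
	}
	ast.Inspect(f, func(n ast.Node) bool {
		if sel, ok := n.(*ast.SelectorExpr); ok && sel.Sel.Name == "LookPath" {
			if id, ok := sel.X.(*ast.Ident); ok && execName != "" && id.Name == execName {
				hits = append(hits, fmt.Sprintf("%s.LookPath at line %d", id.Name, fset.Position(sel.Pos()).Line))
			}
		}
		return true
	})
	return hits, nil
}

func main() { fmt.Println(FindFlaggedUses(sampleSrc)) }
```

A per-file source check like this only covers direct references; `govulncheck` performs the same kind of question over the whole call graph, including dependencies.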