
OSVDB in license

Open dberecz opened this issue 3 years ago • 1 comments

In the license the usage of OSVDB is mentioned and references their license. OSVDB and OSF both shut down years ago. Is it still relevant to keep them in the license? Removing them would make the license more clear and up-to-date. Thanks a lot!

dberecz, Jul 08 '21 09:07

There has been work to remove any data that came from OSVDB (see #456). There are still 90 advisories named OSVDB-... that have no cve: ID we could rename them to. Someone will need to research each advisory (aka googling the title:) and find the missing CVE.

gems/actionpack/OSVDB-100524.yml
gems/actionpack/OSVDB-100525.yml
gems/actionpack/OSVDB-100526.yml
gems/actionpack/OSVDB-100527.yml
gems/actionpack/OSVDB-100528.yml
gems/actionpack/OSVDB-74616.yml
gems/actionpack/OSVDB-77199.yml
gems/activerecord-jdbc-adapter/OSVDB-114854.yml
gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml
gems/activerecord/OSVDB-88661.yml
gems/activeresource/OSVDB-95749.yml
gems/as/OSVDB-112683.yml
gems/auto_awesomplete/OSVDB-132800.yml
gems/auto_select2/OSVDB-132800.yml
gems/backup_checksum/OSVDB-108570.yml
gems/bcrypt/OSVDB-62067.yml
gems/bcrypt-ruby/OSVDB-62067.yml
gems/brbackup/OSVDB-108899.yml
gems/brbackup/OSVDB-108900.yml
gems/builder/OSVDB-95668.yml
gems/bundler/OSVDB-115090.yml
gems/bundler/OSVDB-115091.yml
gems/bundler/OSVDB-115917.yml
gems/cap-strap/OSVDB-108575.yml
gems/curb/OSVDB-114600.yml
gems/devise/OSVDB-114435.yml
gems/doorkeeper/OSVDB-118830.yml
gems/dragonfly/OSVDB-110439.yml
gems/dragonfly/OSVDB-97854.yml
gems/enum_column3/OSVDB-94679.yml
gems/flavour_saver/OSVDB-110796.yml
gems/flukso4r/OSVDB-101577.yml
gems/fog-dragonfly/OSVDB-110439.yml
gems/fog-dragonfly/OSVDB-97854.yml
gems/gnms/OSVDB-108594.yml
gems/handlebars-source/OSVDB-131671.yml
gems/i18n/OSVDB-100528.yml
gems/jruby-sandbox/OSVDB-106279.yml
gems/json/OSVDB-101157.yml
gems/kajam/OSVDB-108530.yml
gems/karo/OSVDB-108573.yml
gems/kcapifony/OSVDB-108572.yml
gems/kompanee-recipes/OSVDB-108593.yml
gems/lingq/OSVDB-108585.yml
gems/loofah/OSVDB-90945.yml
gems/lynx/OSVDB-108579.yml
gems/mapbox-rails/OSVDB-129854.yml
gems/mapbox-rails/OSVDB-132871.yml
gems/mustache-js-rails/OSVDB-131671.yml
gems/nokogiri/OSVDB-118481.yml
gems/open-uri-cached/OSVDB-121701.yml
gems/paperclip/OSVDB-103151.yml
gems/passenger/OSVDB-90738.yml
gems/quick_magick/OSVDB-106954.yml
gems/rack-attack/OSVDB-132234.yml
gems/redcarpet/OSVDB-120415.yml
gems/redis-namespace/OSVDB-96425.yml
gems/refile/OSVDB-120857.yml
gems/ruby-saml/OSVDB-117903.yml
gems/ruby-saml/OSVDB-124383.yml
gems/ruby-saml/OSVDB-124991.yml
gems/screen_capture/OSVDB-107783.yml
gems/sidekiq/OSVDB-125675.yml
gems/sidekiq/OSVDB-125676.yml
gems/sidekiq/OSVDB-125678.yml
gems/sidekiq-pro/OSVDB-126329.yml
gems/sidekiq-pro/OSVDB-126330.yml
gems/sidekiq-pro/OSVDB-126331.yml
gems/spree_auth_devise/OSVDB-90865.yml
gems/spree_auth/OSVDB-90865.yml
gems/spree/OSVDB-119205.yml
gems/spree/OSVDB-125699.yml
gems/spree/OSVDB-125701.yml
gems/spree/OSVDB-125712.yml
gems/spree/OSVDB-125713.yml
gems/spree/OSVDB-69098.yml
gems/spree/OSVDB-73751.yml
gems/spree/OSVDB-76011.yml
gems/spree/OSVDB-81505.yml
gems/spree/OSVDB-81506.yml
gems/spree/OSVDB-90865.yml
gems/spree/OSVDB-91216.yml
gems/spree/OSVDB-91217.yml
gems/spree/OSVDB-91218.yml
gems/spree/OSVDB-91219.yml
gems/twitter-bootstrap-rails/OSVDB-109206.yml
gems/uglifier/OSVDB-126747.yml
gems/web-console/OSVDB-112346.yml
rubies/jruby/OSVDB-94644.yml
rubies/rbx/OSVDB-78119.yml

There are also 64 advisories which contain URLs to the defunct osvdb.org website, which should probably be removed. A PR could easily be submitted to remove the dead osvdb.org URLs.

gems/activerecord-jdbc-adapter/OSVDB-114854.yml
gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml
gems/activeresource/OSVDB-95749.yml
gems/as/OSVDB-112683.yml
gems/backup_checksum/OSVDB-108570.yml
gems/brbackup/OSVDB-108899.yml
gems/brbackup/OSVDB-108900.yml
gems/builder/OSVDB-95668.yml
gems/bundler/OSVDB-115090.yml
gems/bundler/OSVDB-115091.yml
gems/bundler/OSVDB-115917.yml
gems/cap-strap/OSVDB-108575.yml
gems/curb/OSVDB-114600.yml
gems/doorkeeper/OSVDB-118830.yml
gems/dragonfly/OSVDB-110439.yml
gems/dragonfly/OSVDB-97854.yml
gems/enum_column3/OSVDB-94679.yml
gems/flavour_saver/OSVDB-110796.yml
gems/flukso4r/OSVDB-101577.yml
gems/fog-dragonfly/OSVDB-110439.yml
gems/fog-dragonfly/OSVDB-97854.yml
gems/gnms/OSVDB-108594.yml
gems/json/OSVDB-101157.yml
gems/kajam/OSVDB-108530.yml
gems/karo/OSVDB-108573.yml
gems/kcapifony/OSVDB-108572.yml
gems/kompanee-recipes/OSVDB-108593.yml
gems/lingq/OSVDB-108585.yml
gems/loofah/OSVDB-90945.yml
gems/lynx/OSVDB-108579.yml
gems/paperclip/OSVDB-103151.yml
gems/quick_magick/OSVDB-106954.yml
gems/ruby-saml/OSVDB-117903.yml
gems/screen_capture/OSVDB-107783.yml
gems/web-console/OSVDB-112346.yml
rubies/jruby/OSVDB-94644.yml
rubies/rbx/CVE-2012-5372.yml
rubies/rbx/OSVDB-78119.yml
rubies/ruby/CVE-2008-2662.yml
rubies/ruby/CVE-2008-2663.yml
rubies/ruby/CVE-2008-2664.yml
rubies/ruby/CVE-2008-2725.yml
rubies/ruby/CVE-2008-2726.yml
rubies/ruby/CVE-2008-3790.yml
rubies/ruby/CVE-2009-1904.yml
rubies/ruby/CVE-2009-4124.yml
rubies/ruby/CVE-2009-4492.yml
rubies/ruby/CVE-2010-0541.yml
rubies/ruby/CVE-2010-2489.yml
rubies/ruby/CVE-2011-1004.yml
rubies/ruby/CVE-2011-1005.yml
rubies/ruby/CVE-2011-3389.yml
rubies/ruby/CVE-2011-4815.yml
rubies/ruby/CVE-2012-4522.yml
rubies/ruby/CVE-2012-5371.yml
rubies/ruby/CVE-2013-1821.yml
rubies/ruby/CVE-2013-2065.yml
rubies/ruby/CVE-2013-4073.yml
rubies/ruby/CVE-2013-4164.yml
rubies/ruby/CVE-2014-2525.yml
rubies/ruby/CVE-2014-3916.yml
rubies/ruby/CVE-2014-4975.yml
rubies/ruby/CVE-2014-8080.yml
rubies/ruby/CVE-2014-8090.yml

postmodern, Jul 08 '21 13:07
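The two lists in the comment above can be regenerated from a checkout with a short audit script. The following is an added example, not part of the thread or the project's tooling; it assumes the advisory YAML layout with `cve:`, `url:` and `related:` keys under `gems/` and `rubies/`, and runs against a small constructed tree whose gem names, ids and URLs are placeholders.

```ruby
require "yaml"
require "date"
require "tmpdir"
require "fileutils"

OSVDB_URL = %r{https?://(?:www\.)?osvdb\.org\b}i

# Advisory files carry a bare `date:` value, so Date must be permitted.
def load_advisory(root, rel)
  YAML.safe_load(File.read(File.join(root, rel)), permitted_classes: [Date]) || {}
end

# Files still named OSVDB-<id>.yml with no `cve:` value to rename them to.
def osvdb_named_without_cve(root)
  Dir.glob("{gems,rubies}/*/OSVDB-*.yml", base: root).sort
     .select { |rel| load_advisory(root, rel)["cve"].to_s.strip.empty? }
end

# Collect every string in the parsed advisory (url, related.url, description).
def strings_in(node)
  return [node] if node.is_a?(String)
  kids = node.is_a?(Hash) ? node.values : node.is_a?(Array) ? node : []
  kids.flat_map { |v| strings_in(v) }
end

# Any advisory, whatever its file name, that still links to osvdb.org.
def with_osvdb_urls(root)
  Dir.glob("{gems,rubies}/*/*.yml", base: root).sort
     .select { |rel| strings_in(load_advisory(root, rel)).any? { |s| s.match?(OSVDB_URL) } }
end

# Constructed sample tree: gem names, ids and URLs are placeholders.
SAMPLE = {
  "gems/examplegem/OSVDB-11111.yml" => "gem: examplegem\nosvdb: 11111\nurl: http://osvdb.org/show/osvdb/11111\ndate: 2014-01-01\n",
  "gems/examplegem/OSVDB-22222.yml" => "gem: examplegem\ncve: 0000-0001\nosvdb: 22222\nurl: https://example.com/advisory\n",
  "rubies/exampleruby/CVE-0000-0002.yml" => "engine: exampleruby\ncve: 0000-0002\nrelated:\n  url:\n    - http://www.osvdb.org/33333\n"
}

def audit_sample
  Dir.mktmpdir do |root|
    SAMPLE.each do |rel, body|
      FileUtils.mkdir_p(File.join(root, File.dirname(rel)))
      File.write(File.join(root, rel), body)
    end
    { no_cve: osvdb_named_without_cve(root), osvdb_urls: with_osvdb_urls(root) }
  end
end

p audit_sample if __FILE__ == $0
```

Pointing the two functions at a real checkout instead of the sample tree gives the current counts; as in the second list above, the URL check also catches CVE-named files.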