Add support for globally suppressing CVEs

Open kaniini opened this issue 2 years ago • 2 comments

Description

There are a lot of CVEs, such as CVE-2023-35116, where we will just want to suppress them across all packages. Presently, we have to do this in every single package we want to NAK the CVE in, but being able to do it in all packages would be helpful.

It might be worth extending the secfixes feed for this.

kaniini • Jul 24 '23 16:07

Interesting idea. Can you expand on the problem scenario a bit? What about the CVE is such that we'd want to NAK it for every package?

luhring • Jul 30 '23 15:07

ReDoS type vulnerabilities for one, disputed vulnerabilities like the one I specified above also.

kaniini • Jul 31 '23 12:07