Using the new whitelisting feature for packages and CVE IDs introduced in releases 0.1.19/0.1.20, respectively, only whitelisted packages will affect the summary counts:
```
[2021-08-21T15:11:38+0200] sys-maint@vserver19<kvm>:/tmp/debcvescan% ls -l ./debcvescan.whitelist
ls: cannot access './debcvescan.whitelist': No such file or directory
[2021-08-21T15:15:17+0200] sys-maint@vserver19<kvm>:/tmp/debcvescan% /usr/bin/debcvescan scan | grep -E 'Summary Total|intel-microcode|CVE-2020-8492|CVE-2019-20907|CVE-2021-27135'
Summary Total:40 Open:24 High: 0 Medium: 0 Low: 3 Unknown: 0 Ignored: 13
python2.7 LOW CVE-2019-20907: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by
python2.7 LOW CVE-2020-8492: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server
xterm OPEN CVE-2021-27135: xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via
intel-microcode OPEN CVE-2020-24489: Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially enable escalation of privilege
intel-microcode OPEN CVE-2020-24511: Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable informa
intel-microcode OPEN CVE-2020-24512: Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potentially enable information disc
intel-microcode OPEN CVE-2020-24513: Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially
[2021-08-21T15:15:30+0200] sys-maint@vserver19<kvm>:/tmp/debcvescan% /usr/bin/debcvescan pkg intel-microcode --add-whitelist "meaningless inside a virtual machine"
[2021-08-21T15:17:05+0200] sys-maint@vserver19<kvm>:/tmp/debcvescan% /usr/bin/debcvescan scan | grep -E 'Summary Total|intel-microcode|CVE-2020-8492|CVE-2019-20907|CVE-2021-27135'
Summary Total:36 Open:20 High: 0 Medium: 0 Low: 3 Unknown: 0 Ignored: 13
python2.7 LOW CVE-2020-8492: Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1 allows an HTTP server
python2.7 LOW CVE-2019-20907: In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by
xterm OPEN CVE-2021-27135: xterm before Patch #366 allows remote attackers to execute arbitrary code or cause a denial of service (segmentation fault) via
[2021-08-21T15:17:35+0200] sys-maint@vserver19<kvm>:/tmp/debcvescan% for CVEID in CVE-2020-8492 CVE-2019-20907 CVE-2021-27135; do /usr/bin/debcvescan cve $CVEID --add-whitelist "fixed on Ubuntu 20.04 LTS"; done
[2021-08-21T15:18:46+0200] sys-maint@vserver19<kvm>:/tmp/debcvescan% /usr/bin/debcvescan scan | grep -E 'Summary Total|intel-microcode|CVE-2020-8492|CVE-2019-20907|CVE-2021-27135'
Summary Total:36 Open:20 High: 0 Medium: 0 Low: 3 Unknown: 0 Ignored: 13
[2021-08-21T15:18:55+0200] sys-maint@vserver19<kvm>:/tmp/debcvescan%
```
Given that a reason for whitelisting both the package `intel-microcode` and the individual CVE IDs has been given, I'd expect that the Total/Open/Low counters would also change due to the latter (thereby either increasing the Ignored counter or explicitly being displayed/counted as Whitelisted).
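
The counter behaviour this report asks for, as an added example that is not part of the original report and is not debcvescan's code: package and CVE whitelist entries go through one predicate, so either kind moves a finding out of Total/Open/Low into a separate Whitelisted counter, and a finding matching both is counted once. `Finding`, `summarize` and the Whitelisted key are hypothetical names; the sample data is constructed from the seven findings visible in the session above.

```python
from collections import Counter
from typing import NamedTuple


class Finding(NamedTuple):  # hypothetical record, not a debcvescan type
    package: str
    status: str  # status column as printed by the scan (OPEN, LOW, ...)
    cve: str


# Constructed sample: the seven findings visible in the grep output above.
FINDINGS = [
    Finding("python2.7", "LOW", "CVE-2019-20907"),
    Finding("python2.7", "LOW", "CVE-2020-8492"),
    Finding("xterm", "OPEN", "CVE-2021-27135"),
    Finding("intel-microcode", "OPEN", "CVE-2020-24489"),
    Finding("intel-microcode", "OPEN", "CVE-2020-24511"),
    Finding("intel-microcode", "OPEN", "CVE-2020-24512"),
    Finding("intel-microcode", "OPEN", "CVE-2020-24513"),
]

# Whitelists map each entry to the reason passed with --add-whitelist.
PKG_WL = {"intel-microcode": "meaningless inside a virtual machine"}
CVE_WL = {
    cve: "fixed on Ubuntu 20.04 LTS"
    for cve in ("CVE-2020-8492", "CVE-2019-20907", "CVE-2021-27135")
}


def summarize(findings, pkg_wl, cve_wl):
    """Tally findings; a whitelisted package OR CVE counts as Whitelisted."""
    counts = Counter()
    for f in findings:
        # One predicate for both lists: a double match is still one finding.
        if f.package in pkg_wl or f.cve in cve_wl:
            counts["Whitelisted"] += 1
            continue
        counts["Total"] += 1
        counts[f.status.capitalize()] += 1
    return {k: counts[k] for k in ("Total", "Open", "Low", "Whitelisted")}


if __name__ == "__main__":
    print(summarize(FINDINGS, {}, {}))          # nothing whitelisted
    print(summarize(FINDINGS, PKG_WL, {}))      # package whitelist only
    print(summarize(FINDINGS, PKG_WL, CVE_WL))  # package and CVE whitelists
```

On this sample the package whitelist alone lowers Total and Open by four, the same delta the session shows (40 to 36, 24 to 20); adding the CVE whitelist then removes the remaining three findings instead of leaving the counters unchanged.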