commit | c9c8794fa9abe9a2ed56207fb422c9b3599b965f | [log] [tgz] |
---|---|---|
author | Nicholas Luedtke <nluedtke@users.noreply.github.com> | Fri Nov 18 10:45:23 2022 -0500 |
committer | GitHub <noreply@github.com> | Fri Nov 18 10:45:23 2022 -0500 |
tree | 21dc1b951f0d6807adb5b9927015079369dc9ecc | |
parent | 9175d40b0f137027f36bda5286d4341e56719cce [diff] |
Pull various updates from staging (#300)

* Update 26May22 [ci skip]

* Revert "Update 26May22"

This reverts commit 210df9a209e417ea8af85ceb7ac574a2e858d49e.

* Bump shell-quote from 1.7.2 to 1.7.3 in /ui

Bumps [shell-quote](https://github.com/substack/node-shell-quote) from 1.7.2 to 1.7.3.
- [Release notes](https://github.com/substack/node-shell-quote/releases)
- [Changelog](https://github.com/substack/node-shell-quote/blob/master/CHANGELOG.md)
- [Commits](https://github.com/substack/node-shell-quote/compare/v1.7.2...1.7.3)

---
updated-dependencies:
- dependency-name: shell-quote
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump terser from 4.8.0 to 4.8.1 in /ui

Bumps [terser](https://github.com/terser/terser) from 4.8.0 to 4.8.1.
- [Release notes](https://github.com/terser/terser/releases)
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](https://github.com/terser/terser/commits)

---
updated-dependencies:
- dependency-name: terser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump loader-utils and @vue/cli-service in /ui

Bumps [loader-utils](https://github.com/webpack/loader-utils) to 1.4.2 and updates ancestor dependencies [loader-utils](https://github.com/webpack/loader-utils), [loader-utils](https://github.com/webpack/loader-utils) and [@vue/cli-service](https://github.com/vuejs/vue-cli/tree/HEAD/packages/@vue/cli-service). These dependencies need to be updated together.

Updates `loader-utils` from 1.4.0 to 1.4.2
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2)

Updates `loader-utils` from 1.1.0 to 1.4.2
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](https://github.com/webpack/loader-utils/compare/v1.4.0...v1.4.2)

Updates `@vue/cli-service` from 4.5.17 to 5.0.8
- [Release notes](https://github.com/vuejs/vue-cli/releases)
- [Changelog](https://github.com/vuejs/vue-cli/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-cli/commits/v5.0.8/packages/@vue/cli-service)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
- dependency-name: loader-utils
  dependency-type: indirect
- dependency-name: "@vue/cli-service"
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>

* update plugin-babel

* Revert "update plugin-babel"

This reverts commit 42430871a6e569cd9830516fc8c101d3b8462c54.

* Run npm update

* Run force update

* More package fun

* Update 18Nov22 [ci skip]

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

This is a simple project to track CVEs in the upstream Linux kernel. Individual distros (RHEL, Debian, Ubuntu, etc.) often do a good job of tracking CVEs for their own kernels, but this information is lacking for the upstream kernel. This project aims to help fill that gap. The output was generated automatically through a set of tools that has not been fully tested or made public yet.

There are two ways to view/consume the data. The easiest is the web front end at www.linuxkernelcves.com, where you can view CVEs by stream or by CVE ID. The second is this GitHub page, where the data is laid out in both JSON and text format.

Tracking, mitigating, and patching CVEs is just a small part of maintaining a secure kernel. To be clear: you can patch all known CVEs and still be vulnerable. Some risk can be mitigated by properly configuring your kernel/system. I suggest you visit the Kernel Self Protection Project and other kernel security pages for more information.

Below is a list of definitions for certain strings you might see in a stream report. The only CVEs that should appear in a stream document are ones that potentially affect that stream (i.e., ones that were not fixed prior to the stream's first release version and were not introduced after that release version). If no fixing commit is known for a CVE, it is assumed by default to be present in all streams after it was introduced.
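
The inclusion rule above, written out as an added Python example (not the project's own tooling). The record fields `introduced` and `fixed`, the use of mainline release versions instead of commits, the treatment of an unknown introduction point as "always present", and the `CVE-EXAMPLE-*` identifiers are all assumptions made for illustration.

```python
# Added illustration of the stream-inclusion rule. The "introduced"/"fixed"
# fields are hypothetical and are NOT the project's JSON schema.

def parse_version(text):
    """Map 'v5.10-rc3' or '4.14' to (5, 10) / (4, 14); None stays None."""
    if text is None:
        return None
    release = text.lstrip("v").split("-", 1)[0]   # drop 'v' prefix and -rcN
    return tuple(int(part) for part in release.split(".")[:2])

def affects_stream(record, stream):
    """True if the CVE potentially affects the stream based at `stream`."""
    base = parse_version(stream)
    introduced = parse_version(record.get("introduced"))
    fixed = parse_version(record.get("fixed"))
    # Introduced after the stream's release: the flawed code never existed here.
    # Assumption: an unknown introduction point means "present from the start".
    if introduced is not None and introduced > base:
        return False
    # Fixed at or before the stream's first release: it shipped already fixed.
    if fixed is not None and fixed <= base:
        return False
    # No known fix, or a fix that landed later: the CVE belongs in the report.
    # (Fixes backported in stable point releases are not modelled here.)
    return True

def stream_report(records, streams):
    """Return {stream: sorted CVE ids that potentially affect it}."""
    return {
        stream: sorted(cve for cve, rec in records.items()
                       if affects_stream(rec, stream))
        for stream in streams
    }

# Constructed sample records; identifiers are placeholders, not real CVEs.
SAMPLE = {
    "CVE-EXAMPLE-0001": {"introduced": "3.2", "fixed": "4.9"},
    "CVE-EXAMPLE-0002": {"introduced": "4.15", "fixed": "5.4"},
    "CVE-EXAMPLE-0003": {"introduced": "4.10", "fixed": None},
    "CVE-EXAMPLE-0004": {"introduced": None, "fixed": "v5.10-rc3"},
}

if __name__ == "__main__":
    for stream, cves in stream_report(SAMPLE, ["4.9", "4.14", "4.19", "5.10"]).items():
        print(stream, cves)
```
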
The process for generating these documents is focused on being as automated as possible. Below is the general outline of steps.
The bulk of the data is autogenerated or pulled from other open sources. While every effort is taken to ensure its accuracy, no promise of absolute accuracy can be made. If you think a CVE is missing or is not completely accurate, please open an issue to have the data looked at and changed. The eventual goal is a community-curated list of CVEs, along with when the vulnerable code was introduced and when it was fixed.
Want to contribute? Great!
Any additions/removals/updates to the data should start with an Issue. Please be as accurate and complete as possible when requesting a change so the information can be validated as quickly as possible.
All code changes or enhancements must be made through a Pull Request to the staging branch. No PRs directly to master will be accepted.