Conversation

@EternalDreamer01 (Contributor) commented Dec 15, 2025

Zlib versions with a build number (4th element in the version, like 1.3.0.1) were not managed.

Initially related to #5441
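To illustrate the class of bug the PR describes, here is an added example (my own code, not cve-bin-tool's checker) that scans a constructed byte blob for zlib banner strings: a three-component version pattern silently truncates "1.3.0.1" to "1.3.0", while a pattern with an optional fourth component keeps the build number, and a comparison key that pads missing components with zero orders "1.3.0.1" after "1.3.0". The banner text, the regexes and the `is_affected` helper are all assumptions of this example.

```python
import re
from typing import List, Tuple

# Constructed sample: banner-like strings as found in zlib builds, one with a
# three-part version and one carrying a build number (4th element).
# These bytes are made up for this example, not taken from a real binary.
SAMPLE_BINARY = (
    b"\x00\x00inflate 1.2.13 Copyright 1995-2022 Mark Adler\x00"
    b"garbage\x00deflate 1.3.0.1 Copyright 1995-2023 Jean-loup Gailly and Mark Adler\x00"
)

# A three-component pattern matches "1.3.0" out of "1.3.0.1" and drops the rest.
NAIVE_VERSION_RE = re.compile(rb"(?:inflate|deflate) (\d+\.\d+\.\d+)")

# The optional fourth component captures the build number when present.
VERSION_RE = re.compile(rb"(?:inflate|deflate) (\d+\.\d+\.\d+(?:\.\d+)?) Copyright")


def extract_versions(data: bytes, pattern: re.Pattern = VERSION_RE) -> List[str]:
    """Return the distinct version strings found in a binary blob, in order."""
    seen: List[str] = []
    for m in pattern.finditer(data):
        v = m.group(1).decode("ascii")
        if v not in seen:
            seen.append(v)
    return seen


def version_key(version: str) -> Tuple[int, ...]:
    """Integer tuple for ordering; a missing build number counts as 0,
    so "1.3.0" == "1.3.0.0" and "1.3.0.1" > "1.3.0"."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts)


def is_affected(found: str, fixed_in: str) -> bool:
    """True when the found version sorts before the version that carries the fix."""
    return version_key(found) < version_key(fixed_in)


if __name__ == "__main__":
    print("naive :", extract_versions(SAMPLE_BINARY, NAIVE_VERSION_RE))
    print("fixed :", extract_versions(SAMPLE_BINARY))
```

The point of `version_key` is that a scanner which truncates the build number would treat a fixed 1.3.0.1 as the unfixed 1.3.0 and report a false positive; padding with zeros keeps three- and four-part versions comparable.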

@ffontaine (Collaborator)

Hi @warthog9, I think you're the maintainer of the mirror.
Do you know why the following 404 error is returned:

ClientResponseError: 404, message='Not Found', 
url='https://v4.mirror.cveb.in/nvd/json/cve/2.0/nvdcve-2.0-2013.json.gz'
Error: Process completed with exit code 1.

@warthog9 (Contributor)

Re-ran the mirror and it popped in; if I had to guess, some errant bit caused an error somewhere. Not seeing anything in the logs, so it might have been AWOL for a while. Double check it now.

@ffontaine (Collaborator)

@EternalDreamer01, thanks for this PR, nice catch.

Can you add a Signed-off-by tag to all your commits (e.g. through commit -s)? This will fix the "DCO" test.

Moreover, can you add zlib to other_products for the varnish-7.7.3-r0.apk entry in test/test_data/varnish.py?
This will fix:

FAILED test/test_scanner.py::TestScanner::test_version_in_package[https://dl-cdn.alpinelinux.org/alpine/v3.22/main/x86_64/-varnish-7.7.3-r0.apk-varnish_cache-7.7.3-other_products1303] - AssertionError: zlib found in varnish-7.7.3-r0.apk. If that's expected, make sure to add zlib to the expected list of other_products.
assert 'zlib' not in {'varnish_cache', 'zlib'}

EternalDreamer01 and others added 9 commits December 19, 2025 15:21
Signed-off-by: Dimitri Simon <[email protected]>
Signed-off-by: Dimitri Simon <[email protected]>
Add playwright.download.prss.microsoft.com and cdn.playwright.dev in
allowed-endpoints to fix the following failure when installing
playwright:

Downloading Chromium 143.0.7499.4 (playwright build v1200) from https://cdn.playwright.dev/dbazure/download/playwright/builds/chromium/1200/chromium-linux.zip
(node:3714) [DEP0169] DeprecationWarning: `url.parse()` behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for `url.parse()` vulnerabilities.
(Use `node --trace-deprecation ...` to show where the warning was created)
Error: connect ECONNREFUSED 54.185.253.63:443
    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1637:16) {
  errno: -111,
  code: 'ECONNREFUSED',
  syscall: 'connect',
  address: '54.185.253.63',
  port: 443
}

Also add v4.mirror.cveb.in:443 to fix the same kind of issue:

ClientConnectorError: Cannot connect to host v4.mirror.cveb.in:443 ssl:default
[Connect call failed ('54.185.253.63', 443)]

All those issues are probably raised because ubuntu-latest is used
instead of intel-ubuntu-latest since the switch to ossf.

Signed-off-by: Fabrice Fontaine <[email protected]>
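The "allowed-endpoints" the commit refers to is, by its name and the host:port form of the entries, an egress allowlist for the CI runner. The fragment below is an added illustration, not the project's workflow file: it assumes the step-security/harden-runner action (its name and `@v2` tag are assumptions) and shows the hosts named in the commit message under a blocking egress policy, which is the configuration in which an unlisted host surfaces exactly as the ECONNREFUSED seen above.

```yaml
      - name: Harden the runner (egress allowlist)
        # Assumed action and version tag; not taken from the project's workflow.
        uses: step-security/harden-runner@v2
        with:
          # "audit" would log the connections and let the job pass;
          # "block" refuses any host not listed below, hence ECONNREFUSED
          # for a missing entry.
          egress-policy: block
          allowed-endpoints: >
            cdn.playwright.dev:443
            playwright.download.prss.microsoft.com:443
            v4.mirror.cveb.in:443
```

When a dependency starts downloading from a new CDN, the failure under a block policy is a connection refusal rather than an HTTP error, which is worth remembering when triaging such CI failures.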
Signed-off-by: Dimitri Simon <[email protected]>
https://nvd.nist.gov/vuln/detail/cve-2025-40939 has the following
configurations: [{}]

This will result in a crash as the current code wrongly assumes that every
configuration object has a nodes parameter.

Signed-off-by: Fabrice Fontaine <[email protected]>
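As an added example of the failure mode this commit message describes (my own code, not cve-bin-tool's NVD loader), the block below walks constructed NVD 2.0-style records: one with a normal configurations/nodes/cpeMatch tree, one with `"configurations": [{}]` as reported above, and one with no configurations key at all. The naive walk indexes `config["nodes"]` and raises KeyError on the empty object; the tolerant walk uses `.get()` at each level and simply yields nothing. The record contents and the `EXAMPLE-*` identifiers are placeholders constructed for this example.

```python
import json
from typing import Dict, List

# Constructed NVD 2.0-shaped feed (not real NVD data; ids are placeholders).
# The second record mimics the shape reported above: "configurations": [{}].
SAMPLE_FEED = json.loads(r"""
{
  "vulnerabilities": [
    {"cve": {
      "id": "EXAMPLE-0001",
      "configurations": [
        {"nodes": [
          {"operator": "OR", "negate": false, "cpeMatch": [
            {"vulnerable": true,
             "criteria": "cpe:2.3:a:zlib:zlib:*:*:*:*:*:*:*:*",
             "versionEndExcluding": "1.3.0.1"},
            {"vulnerable": false,
             "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*"}
          ]}
        ]}
      ]
    }},
    {"cve": {"id": "EXAMPLE-0002", "configurations": [{}]}},
    {"cve": {"id": "EXAMPLE-0003"}}
  ]
}
""")


def cpe_matches_naive(cve: Dict) -> List[Dict]:
    """The assumption the commit message describes: every configuration
    object has a "nodes" key. Raises KeyError on an empty object."""
    out: List[Dict] = []
    for config in cve["configurations"]:
        for node in config["nodes"]:
            out.extend(node["cpeMatch"])
    return out


def naive_raises(cve: Dict) -> bool:
    """True when the naive walk crashes on this record."""
    try:
        cpe_matches_naive(cve)
    except KeyError:
        return True
    return False


def cpe_matches(cve: Dict) -> List[Dict]:
    """Tolerant walk: a missing "configurations", "nodes" or "cpeMatch"
    yields nothing, so an empty configuration object is skipped."""
    out: List[Dict] = []
    for config in cve.get("configurations") or []:
        for node in config.get("nodes") or []:
            out.extend(node.get("cpeMatch") or [])
    return out


def affected_ranges(feed: Dict) -> Dict[str, List[Dict]]:
    """Map cve id -> vulnerable cpeMatch entries; never crashes on records
    whose configurations are empty or absent."""
    result: Dict[str, List[Dict]] = {}
    for item in feed["vulnerabilities"]:
        cve = item["cve"]
        result[cve["id"]] = [m for m in cpe_matches(cve) if m.get("vulnerable")]
    return result


if __name__ == "__main__":
    for cve_id, matches in affected_ranges(SAMPLE_FEED).items():
        print(cve_id, [m["criteria"] for m in matches])
```

Treating an empty configuration as "no known affected products" rather than as a fatal error is the safe choice for a feed loader: one malformed upstream record must not abort the import of the other entries in the year file.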
Signed-off-by: Dimitri Simon <[email protected]>
Obviously, --import-json is mainly useful when the db doesn't exist, so drop
cvedb_orig.check_db_exists() from the if statement.

Moreover, do not exit after --import-json or --export-json to be
consistent with --import and --export

Finally, while at it, add --{im,ex}port-json to offline.md

Signed-off-by: Fabrice Fontaine <[email protected]>
Signed-off-by: Dimitri Simon <[email protected]>
Signed-off-by: Dimitri Simon <[email protected]>
Signed-off-by: Dimitri Simon <[email protected]>
Signed-off-by: Dimitri Simon <[email protected]>
Signed-off-by: Dimitri Simon <[email protected]>
