Report biscuit-haskell CVE-2022-31053 (#32) #47

Merged

blackheaven
Collaborator


Advisory

  • It's not duplicated
  • All fields are filled
  • It is validated by hsec-tools

@blackheaven blackheaven force-pushed the cve/biscuit-haskell/CVE-2022-31053 branch from 278f865 to 0a29d55 Compare June 17, 2023 15:54
@blackheaven blackheaven force-pushed the cve/biscuit-haskell/CVE-2022-31053 branch from 0a29d55 to ae7a8f3 Compare June 17, 2023 15:59
@blackheaven blackheaven merged commit 3e3acdd into haskell:main Jun 17, 2023
@blackheaven blackheaven deleted the cve/biscuit-haskell/CVE-2022-31053 branch June 17, 2023 17:45
@frasertweedale frasertweedale mentioned this pull request Jun 17, 2023
2 tasks
@frasertweedale
Collaborator

Need to bring something up...

I thought we had decided that HSEC IDs would be assigned based on the year the advisory was created - not the year in which the problem the advisory describes became known. Therefore, shouldn't this have been HSEC-2023-0002?

We have not yet exported any OSV objects or other enduring artifacts from our DB. So if the SRT agrees that we should rename it, it would be safe to do so. Let me know what you think.

@mihaimaruseac
Collaborator

Oh, I forgot about that. Yes, I'm ok with switching to 2023.

@frasertweedale
Collaborator

I'll (eventually) add some CI or automation around checking and assigning of IDs. But for now, it will be manual. I'll file a PR to move the file tomorrow.

@blackheaven
Collaborator Author

Fixed in #55
