deploy: 8ccce7fd31

2023-01-06 13:05:40 +00:00 · 2023-01-06 13:05:40 +00:00 · 8c93ba5559
parent 4a2d300d42
commit 8c93ba5559
2 changed files with 4 additions and 3 deletions
--- a/index.html
+++ b/index.html
@ -51,7 +51,7 @@
      }
      a.toggle-more-links { cursor: pointer; }
    </style>
-    <title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-04 13:05:58.983808723 +0000 UTC m=+1.065410995 </title>
+    <title>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-06 13:05:39.249913015 +0000 UTC m=+1.190615677 </title>
    <script>
      window.onload = function() {
        document.querySelectorAll('td.links').forEach(function(linkCell) {
@ -81,7 +81,7 @@
    </script>
  </head>
  <body>
-    <h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-04 13:05:58.983832523 +0000 UTC m=+1.065434895</h1>
+    <h1>docker.io/rockylinux/rockylinux:8 (rocky 8.7) - Trivy Report - 2023-01-06 13:05:39.249936814 +0000 UTC m=+1.190639576</h1>
    <table>
      <tr class="group-header"><th colspan="6">rocky</th></tr>
      <tr><th colspan="6">No Vulnerabilities found</th></tr>
@ -102,6 +102,7 @@
        <td class="pkg-version">39.2.0</td>
        <td>65.5.1</td>
        <td class="links" data-more-links="off">
+          <a href="https://access.redhat.com/security/cve/CVE-2022-40897">https://access.redhat.com/security/cve/CVE-2022-40897</a>
          <a href="https://github.com/advisories/GHSA-r9hx-vwmv-q579">https://github.com/advisories/GHSA-r9hx-vwmv-q579</a>
          <a href="https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200">https://github.com/pypa/setuptools/blob/fe8a98e696241487ba6ac9f91faa38ade939ec5d/setuptools/package_index.py#L200</a>
          <a href="https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be">https://github.com/pypa/setuptools/commit/43a9c9bfa6aa626ec2a22540bea28d2ca77964be</a>
--- a/trivy-results.sarif
+++ b/trivy-results.sarif
@ -13,7 +13,7 @@
              "id": "CVE-2022-40897",
              "name": "LanguageSpecificPackageVulnerability",
              "shortDescription": {
-                "text": "CVE-2022-40897 affecting package python-setuptools 40.2.0-6"
+                "text": "pypa-setuptools: Regular Expression Denial of Service (ReDoS) in package_index.py"
              },
              "fullDescription": {
                "text": "Python Packaging Authority (PyPA) setuptools before 65.5.1 allows remote attackers to cause a denial of service via HTML in a crafted package or custom PackageIndex page. There is a Regular Expression Denial of Service (ReDoS) in package_index.py."