1berry/mullvadvpn-app
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Bump ignoreUntil for ignored vulns

Browse Source
This commit is contained in:
David Lönnhager 2025-06-12 10:10:18 +02:00
parent d5bafd7549
commit fe3445f26a
2 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
osv-scanner.toml
View File

@ -71,7 +71,7 @@
# The `paste` crate is no longer maintained # The `paste` crate is no longer maintained
[[IgnoredVulns]] [[IgnoredVulns]]
id = "RUSTSEC-2024-0436" id = "RUSTSEC-2024-0436"
ignoreUntil = 2025-06-11 ignoreUntil = 2025-09-12
reason = """ reason = """
The `paste` crate is no longer maintained. `htmlize` depend on it, and there is currently no "fix" for this. The `paste` crate is no longer maintained. `htmlize` depend on it, and there is currently no "fix" for this.
We have no reason to suspect that `paste` is vulnerable in any way. We have no reason to suspect that `paste` is vulnerable in any way.

24
wireguard-go-rs/libwg/osv-scanner.toml
View File

@ -2,71 +2,71 @@
# Stack exhaustion in Decoder.Decode in encoding/gob # Stack exhaustion in Decoder.Decode in encoding/gob
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2024-34156" # GO-2024-3106 id = "CVE-2024-34156" # GO-2024-3106
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# Stack exhaustion in Parse in go/build/constraint # Stack exhaustion in Parse in go/build/constraint
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2024-34158" # GO-2024-3107 id = "CVE-2024-34158" # GO-2024-3107
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# Stack exhaustion in all Parse functions in go/parser # Stack exhaustion in all Parse functions in go/parser
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2024-34155" # GO-2024-3105 id = "CVE-2024-34155" # GO-2024-3105
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# Denial of service in HTML Parse function in go/net/html # Denial of service in HTML Parse function in go/net/html
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2024-45338" # GO-2024-3333 id = "CVE-2024-45338" # GO-2024-3333
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# Denial of service in HTML Parse function in go/net/html # Denial of service in HTML Parse function in go/net/html
[[IgnoredVulns]] [[IgnoredVulns]]
id = "GHSA-w32m-9786-jp63" # GO-2024-3333 id = "GHSA-w32m-9786-jp63" # GO-2024-3333
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# Sensitive headers incorrectly sent after cross-domain redirect in net/http # Sensitive headers incorrectly sent after cross-domain redirect in net/http
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2024-45336" # GO-2025-3420 id = "CVE-2024-45336" # GO-2025-3420
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 # Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2024-45341" # GO-2025-3373 id = "CVE-2024-45341" # GO-2025-3373
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# Denial of service in golang.org/x/crypto (for SSH server implementations) # Denial of service in golang.org/x/crypto (for SSH server implementations)
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2025-22869" # GO-2025-3487 id = "CVE-2025-22869" # GO-2025-3487
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec. We don't deploy to PowerPC. # Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec. We don't deploy to PowerPC.
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2025-22866" # GO-2025-3447 id = "CVE-2025-22866" # GO-2025-3447
ignoreUntil = 2025-06-12 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use the affected code" reason = "wireguard-go does not use the affected code"
# HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net # HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2025-22870" # GO-2025-3503 id = "CVE-2025-22870" # GO-2025-3503
ignoreUntil = 2025-07-01 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use x/net/proxy nor x/net/http/httpproxy" reason = "wireguard-go does not use x/net/proxy nor x/net/http/httpproxy"
# Request smuggling due to acceptance of invalid chunked data in net/http # Request smuggling due to acceptance of invalid chunked data in net/http
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2025-22871" # GO-2025-3563 id = "CVE-2025-22871" # GO-2025-3563
ignoreUntil = 2025-07-08 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use net/http" reason = "wireguard-go does not use net/http"
# Incorrect Neutralization of Input During Web Page Generation in x/net # Incorrect Neutralization of Input During Web Page Generation in x/net
[[IgnoredVulns]] [[IgnoredVulns]]
id = "CVE-2025-22872" # GO-2025-3595 id = "CVE-2025-22872" # GO-2025-3595
ignoreUntil = 2025-07-17 ignoreUntil = 2025-09-12
reason = "wireguard-go does not use x/net/html" reason = "wireguard-go does not use x/net/html"