FS#69661 - [arch-audit] Inconsistent output between `arch-audit -t` and `arch-audit`
Attached to Project:
Community Packages
Opened by mpan (mpan) - Tuesday, 16 February 2021, 16:42 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 17 February 2021, 18:41 GMT
Opened by mpan (mpan) - Tuesday, 16 February 2021, 16:42 GMT
Last edited by Levente Polyak (anthraxx) - Wednesday, 17 February 2021, 18:41 GMT
|
Details
Description:
Invoking `arch-audit` and `arch-audit -t` gives different output: $ arch-audit libebml is affected by arbitrary code execution. High risk! binutils is affected by arbitrary filesystem access. Medium risk! cairo is affected by arbitrary code execution. Medium risk! ffmpeg is affected by arbitrary code execution. Medium risk! flac is affected by information disclosure. Medium risk! linux is affected by multiple issues. Medium risk! openjpeg2 is affected by multiple issues. Medium risk! python is affected by multiple issues. Medium risk! xdg-utils is affected by information disclosure. Medium risk! audacity is affected by information disclosure. Low risk! unzip is affected by arbitrary code execution. Low risk! vorbis-tools is affected by denial of service. Low risk! $ arch-audit -t libebml is affected by arbitrary code execution. High risk! binutils is affected by arbitrary filesystem access. Medium risk! cairo is affected by arbitrary code execution. Medium risk! ffmpeg is affected by arbitrary code execution. Medium risk! flac is affected by information disclosure. Medium risk! linux is affected by multiple issues. Medium risk! openjpeg2 is affected by multiple issues. Medium risk! python is affected by multiple issues. Medium risk! python-cryptography is affected by incorrect calculation. Medium risk! Update to at least3.4-1 from the testing repos! python2-cryptography is affected by incorrect calculation. Medium risk! Update to at least3.4-1 from the testing repos! xdg-utils is affected by information disclosure. Medium risk! audacity is affected by information disclosure. Low risk! unzip is affected by arbitrary code execution. Low risk! vorbis-tools is affected by denial of service. Low risk! Additional info: * arch-audit 0.1.16-1 * Possibly related to |
This task depends upon
Closed by Levente Polyak (anthraxx)
Wednesday, 17 February 2021, 18:41 GMT
Reason for closing: Fixed
Additional comments about closing: 0.1.17-1
Wednesday, 17 February 2021, 18:41 GMT
Reason for closing: Fixed
Additional comments about closing: 0.1.17-1
Comment by
Levente Polyak (anthraxx) -
Wednesday, 17 February 2021, 16:12 GMT
https://gitlab.com/ilpianista/arch-audit/-/commit/14e9427db2f5ce2b2f893677cfcb60bd8995d3db