Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Improve GHSA-xpw8-rcwv-8f8p #2868

Closed
wants to merge 2 commits into from
Closed

Improve GHSA-xpw8-rcwv-8f8p #2868

wants to merge 2 commits into from

Conversation

dpippenger
Copy link

@dpippenger dpippenger commented Oct 18, 2023
edited
Loading

Updates

  • Aliases
  • Description

Comments
The GHSA record is lacking a reference to CVE-2023-44487 in the metadata. Also a link to the NVD was missing.

@github-actions github-actions bot changed the base branch from main to dpippenger/advisory-improvement-2868 October 18, 2023 21:15
@darakian
Copy link
Contributor

Hey, thanks for the contribution, but we have a technical limitation that prevents us from having the CVE on two GHSAs at the same time. Is there anything else I can help with?

@dpippenger
Copy link
Author

In this case would it then be more appropriate to add the affected netty packages to GHSA-qppj-fm5r-hxr3 and remove this GHSA from the database?

@darakian
Copy link
Contributor

I don't think so as the netty project itself is the root for this advisory. It could be nice to merge the two, but alas we lack merge support as well 😞
GHSA-xpw8-rcwv-8f8p

@dpippenger
Copy link
Author

Ok, thanks for the responses. Best wishes.

@dpippenger dpippenger closed this Oct 19, 2023
@dpippenger dpippenger mentioned this pull request Oct 20, 2023
Open
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@darrsand darrsand darrsand approved these changes

@0xDEC0DE 0xDEC0DE 0xDEC0DE approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@dpippenger @darakian @0xDEC0DE @darrsand