Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Tukaani XZ false positive #1668

Closed
coheigea opened this issue Jan 4, 2019 · 1 comment
Closed

Tukaani XZ false positive #1668

coheigea opened this issue Jan 4, 2019 · 1 comment

Comments

@coheigea
Copy link

coheigea commented Jan 4, 2019

There is a false positive for Tukaani XZ:

xz-1.8.jar (cpe:/a:tukaani:xz:1.8, org.tukaani:xz:1.8) : CVE-2015-4035

The CVE refers to Tukaani itelf. But org.tukaani.xz is a Java library that has a separate versioning system (https://tukaani.org/xz/java.html).
@jeremylong
Copy link
Owner

This is resolved in the 6.x release.

@OfriOuzan OfriOuzan mentioned this issue Oct 2, 2022
Closed
@B4ckslash B4ckslash mentioned this issue Aug 27, 2024
Closed
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@coheigea @jeremylong