summaryrefslogtreecommitdiffhomepage
path: root/gui/scripts/osv-scanner.toml
diff options
context:
space:
mode:
authorOskar <oskar@mullvad.net>2024-11-05 07:57:08 +0100
committerOskar <oskar@mullvad.net>2024-11-14 16:43:18 +0100
commit84f14d79c4f0dde73337820ec94ba8ff928a3797 (patch)
treece468658e5ba7b0a74950c7ad1b09b3a4d00520b /gui/scripts/osv-scanner.toml
parente3ce0eb5cd0610dbff6ec98cb8cb388415c74bf6 (diff)
downloadmullvadvpn-84f14d79c4f0dde73337820ec94ba8ff928a3797.tar.xz
mullvadvpn-84f14d79c4f0dde73337820ec94ba8ff928a3797.zip
Move gui directory to desktop/packages/mullvad-vpn
Diffstat (limited to 'gui/scripts/osv-scanner.toml')
-rw-r--r--gui/scripts/osv-scanner.toml43
1 files changed, 0 insertions, 43 deletions
diff --git a/gui/scripts/osv-scanner.toml b/gui/scripts/osv-scanner.toml
deleted file mode 100644
index c415d89235..0000000000
--- a/gui/scripts/osv-scanner.toml
+++ /dev/null
@@ -1,43 +0,0 @@
-# See repository root `osv-scanner.toml` for instructions and rules for this file.
-
-# Pillow arbitrary code execution
-[[IgnoredVulns]]
-id = "CVE-2023-50447" # GHSA-3f63-hfp8-52jq
-ignoreUntil = 2024-12-05
-reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"
-
-# Pillow buffer overflow
-[[IgnoredVulns]]
-id = "CVE-2024-28219" # GHSA-44wm-f244-xhp3
-ignoreUntil = 2024-12-05
-reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"
-
-# Pillow DoS
-[[IgnoredVulns]]
-id = "CVE-2023-44271" # GHSA-8ghj-p4vj-mr35
-ignoreUntil = 2024-12-05
-reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"
-
-# libwebp: OOB write in BuildHuffmanTable
-[[IgnoredVulns]]
-id = "CVE-2023-5129" # GHSA-j7hp-h8jx-5ppr
-ignoreUntil = 2024-12-05
-reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"
-
-# Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863)
-[[IgnoredVulns]]
-id = "PYSEC-2023-175"
-ignoreUntil = 2024-12-05
-reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"
-
-# Pillow versions before v10.0.1 bundled libwebp binaries in wheels that are vulnerable to CVE-2023-5129 (previously CVE-2023-4863)
-[[IgnoredVulns]]
-id = "GHSA-56pw-mpj4-fxww"
-ignoreUntil = 2024-12-05
-reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"
-
-# Pillow vulnerable to Data Amplification attack.
-[[IgnoredVulns]]
-id = "CVE-2022-45198" # GHSA-m2vv-5vj5-2hm7
-ignoreUntil = 2024-12-05
-reason = "Only used internally, on trusted input. This tool is also scheduled for removal completely, so not worth trying to upgrade"