Vulnerability from csaf_opensuse
Published
2022-08-20 10:02
Modified
2022-08-20 10:02
Summary
Security update for trivy
Notes
Title of the patch
Security update for trivy
Description of the patch
This update for trivy fixes the following issues:
Update to version 0.30.4:
* fix: remove the first arg when running as a plugin (#2595)
* fix: k8s controlplaner scanning (#2593)
* fix(vuln): GitLab report template (#2578)
Update to version 0.30.3:
* fix(server): use a new db worker for hot updates (#2581)
* docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583)
* docs: split commands to download db for different versions of oras (#2582)
* feat(report): export exitcode for license checks (#2564)
* fix: cli can use lowercase for severities (#2565)
* fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)
* fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)
* fix: enable some features of the wasm runtime (#2575)
* fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521)
* docs(sbom): improve sbom attestation documentation (#2566)
Update to version 0.30.2:
* fix(report): show the summary without results (#2548)
* fix(cli): replace '-' to '_' for env vars (#2561)
Update to version 0.30.1:
* chore: remove a test repository (#2551)
* fix(license): lazy loading of classifiers (#2547)
* fix: CVE-2022-1996 in Trivy (#2499)
* docs(sbom): add sbom attestation (#2527)
* feat(rocky): set Rocky Linux 9 EOL (#2543)
* docs: add attributes to the video tag to autoplay demo videos (#2538)
* fix: yaml files with non-string chart name (#2534)
* fix: skip dirs (#2530)
* feat(repo): add support for branch, commit, & tag (#2494)
* fix: remove auto configure environment variables via viper (#2526)
Update to version 0.30.0:
* fix: separating multiple licenses from one line in dpkg copyright files (#2508)
* fix: change a capital letter for `plugin uninstall` subcommand (#2519)
* fix: k8s hide empty report when scanning resource (#2517)
* refactor: fix comments (#2516)
* fix: scan vendor dir (#2515)
* feat: Add support for license scanning (#2418)
* chore: add owners for secret scanning (#2485)
* fix: remove dependency-tree flag for image subcommand (#2492)
* fix(k8s): add shorthand for k8s namespace flag (#2495)
* docs: add information about using multiple servers to troubleshooting (#2498)
* ci: add pushing canary build images to registries (#2428)
* feat(dotnet): add support for .Net core .deps.json files (#2487)
* feat(amazon): add support for 2022 version (#2429)
* Type correction bitnami chart (#2415)
* docs: add config file and update CLI references (#2489)
* feat: add support for flag groups (#2488)
* refactor: move from urfave/cli to spf13/cobra (#2458)
* fix: Fix secrets output not containing file/lines (#2467)
* fix: clear output with modules (#2478)
* docs(cbl): distroless 1.0 supported (#2473)
* fix: Fix example dockerfile rego policy (#2460)
* fix(config): add helm to list of config analyzers (#2457)
* feat: k8s resouces scan (#2395)
* feat(sbom): add cyclonedx sbom scan (#2203)
* docs: remove links to removed content (#2431)
* ci: added rpm build for rhel 9 (#2437)
* fix(secret): remove space from asymmetric private key (#2434)
* test(integration): fix golden files for debian 9 (#2435)
* fix(cli): fix version string in docs link when secret scanning is enabled (#2422)
* refactor: move CycloneDX marshaling (#2420)
* docs(nodejs): add docs about pnpm support (#2423)
* docs: improve k8s usage documentation (#2425)
* feat: Make secrets scanning output consistant (#2410)
* ci: create canary build after main branch changes (#1638)
* fix(misconf): skip broken scans (#2396)
* feat(nodejs): add pnpm support (#2414)
* fix: Fix false positive for use of COS images (#2413)
* eliminate nerdctl dependency (#2412)
* Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)
* fix(go): no cast to lowercase go package names (#2401)
* BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)
* fix(server): hot update the db from custom repository (#2406)
* feat: added license parser for dpkg (#2381)
* fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400)
* feat: extract stripe publishable and secret keys (#2392)
* feat: rbac support k8s sub-command (#2339)
* feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390)
* docs: Updating README with new CLI command (#2359)
* fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383)
* chore: add integration label and merge security label (#2316)
Update to version 0.29.2:
* chore: skip Visual Studio Code project folder (#2379)
* fix(helm): handle charts with templated names (#2374)
* docs: redirect operator docs to trivy-operator repo (#2372)
* fix(secret): use secret result when determining Failed status (#2370)
* try removing libdb-dev
* run integration tests in fanal
* use same testing images in fanal
* feat(helm): add support for trivy dbRepository (#2345)
* fix: Fix failing test due to deref lint issue
* test: Fix broken test
* fix: Fix makefile when no previous named ref is visible in a shallow clone
* chore: Fix linting issues in fanal
* refactor: Fix fanal import paths and remove dotfiles
Update to version 0.29.1:
* fix(report): add required fields to the SARIF template (#2341)
* chore: fix spelling errors (#2352)
* Omit Remediation if PrimaryURL is empty (#2006)
* docs(repo): Link to installation documentation in readme shows 404 (#2348)
* feat(alma): support for scanning of modular packages for AlmaLinux (#2347)
Update to version 0.29.0:
* fix(lang): fix dependency graph in client server mode (#2336)
* feat: allow expiration date for .trivyignore entries (#2332)
* feat(lang): add dependency origin graph (#1970)
* docs: update nix installation info (#2331)
* feat: add rbac scanning support (#2328)
* refactor: move WordPress module to another repository (#2329)
* ci: add support for ppc64le (#2281)
* feat: add support for WASM modules (#2195)
* feat(secret): show recommendation for slow scanning (#2051)
* fix(flag): remove --clear-cache flag client mode (#2301)
* fix(java): added check for looping for variable evaluation in pom file (#2322)
* BREAKING(k8s): change CLI API (#2186)
* feat(alpine): add Alpine Linux 3.16 (#2319)
* ci: add `go mod tidy` check (#2314)
* chore: run `go mod tidy` (#2313)
* fix: do not exit if one resource is not found (#2311)
* feat(cli): use stderr for all log messages (resolve #381) (#2289)
* test: replace deprecated subcommand client in integration tests (#2308)
* feat: add support for containerd (#2305)
* fix(kubernetes): Support floats in manifest yaml (#2297)
* docs(kubernetes): dead links (#2307)
* chore: add license label (#2304)
* feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)
* feat(helm): add pod annotations (#2272)
* refactor: do not import defsec in fanal types package (#2292)
* feat(report): Add misconfiguration support to ASFF report template (#2285)
* test: use images in GHCR (#2275)
* feat(helm): support pod annotations (#2265)
* feat(misconf): Helm chart scanning (#2269)
* docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267)
* fix: mask redis credentials when logging (#2264)
* refactor: extract commands Runner interface (#2147)
* docs: update operator release (#2263)
* feat(redhat): added architecture check (#2172)
* docs: updating links in the docs to work again (#2256)
* docs: fix readme (#2251)
* fix: fixed incorrect CycloneDX output format (#2255)
* refactor(deps): move dependencies to package (#2189)
* fix(report): change github format version to required (#2229)
* docs: update readme (#2110)
* docs: added information about choosing advisory database (#2212)
* chore: update trivy-kubernetes (#2224)
* docs: clarifying parts of the k8s docs and updating links (#2222)
* fix(k8s): timeout error logging (#2179)
* chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)
* feat(k8s): add --context flag (#2171)
* fix(k8s): properly instantiate TableWriter (#2175)
* test: fixed integration tests after updating testcontainers to v0.13.0 (#2208)
* chore: update labels (#2197)
* fix(report): fixed panic if all misconf reports were removed in filter (#2188)
* feat(k8s): scan secrets (#2178)
* feat(report): GitHub Dependency Snapshots support (#1522)
* feat(db): added insecure skip tls verify to download trivy db (#2140)
* fix(redhat): always use vulns with fixed version if there is one (#2165)
* chore(redhat): Add support for Red Hat UBI 9. (#2183)
* fix(k8s): update trivy-kubernetes (#2163)
* fix misconfig start line for code quality tpl (#2181)
* fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)
* docs(vuln): Include GitLab 15.0 integration (#2153)
* docs: fix the operator version (#2167)
* fix(k8s): summary report when when only vulns exit (#2146)
* chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156)
* perf(misconf): Improve performance when scanning very large files (#2152)
* docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150)
* chore(deps): Update fanal (for less verbose code in misconf results) (#2151)
* docs: fixed installation instruction for rhel/centos (#2143)
Update to version 0.28.0 (boo#1199760, CVE-2022-28946):
* fix: remove Highlighted from json output (#2131)
* fix: remove trivy-kubernetes replace (#2132)
* docs: Add Operator docs under Kubernetes section (#2111)
* fix(k8s): security-checks panic (#2127)
* ci: added k8s scope (#2130)
* docs: Update misconfig output in examples (#2128)
* fix(misconf): Fix coloured output in Goland terminal (#2126)
* docs(secret): Fix default value of --security-checks in docs (#2107)
* refactor(report): move colorize function from trivy-db (#2122)
* feat: k8s resource scanning (#2118)
* chore: add CODEOWNERS (#2121)
* feat(image): add `--server` option for remote scans (#1871)
* refactor: k8s (#2116)
* refactor: export useful APIs (#2108)
* docs: fix k8s doc (#2114)
* feat(kubernetes): Add report flag for summary (#2112)
* fix: Remove problematic advanced rego policies (#2113)
* feat(misconf): Add special output format for misconfigurations (#2100)
* feat: add k8s subcommand (#2065)
* chore: fix make lint version (#2102)
* fix(java): handle relative pom modules (#2101)
* fix(misconf): Add missing links for non-rego misconfig results (#2094)
* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)
* chore(os): updated fanal version and alpine distroless test (#2086)
* feat(report): add support for SPDX (#2059)
* chore: app version 0.27.0 (#2046)
* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)
* docs(secret) fix rule path in docs (#2061)
* docs: change from go.sum to go.mod (#2056)
Update to version 0.27.1:
* refactor(fs): scanner options (#2050)
* feat(secret): truncate long line (#2052)
* docs: fix a broken bullets (#2042)
* feat(ubuntu): add 22.04 approx eol date (#2044)
* docs: update installation.md (#2027)
* docs: add Containerfile (#2032)
Update to version 0.27.0:
* fix(go): fixed panic to scan gomod without version (#2038)
* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)
* feat(secret): support enable rules (#2035)
* chore: app version 26.0 (#2030)
* docs(secret): add a demo movie (#2031)
* feat: support cache TTL in Redis (#2021)
* fix(go): skip system installed binaries (#2028)
* fix(go): check if go.sum is nil (#2029)
* feat: add secret scanning (#1901)
* chore: gh publish only with push the tag release (#2025)
* fix(fs): ignore permission errors (#2022)
* test(mod): using correct module inside test go.mod (#2020)
* feat(server): re-add proxy support for client/server communications (#1995)
* fix(report): truncate a description before escaping in ASFF template (#2004)
* fix(cloudformation): correct margin removal for empty lines (#2002)
* fix(template): correct check of old sarif template files (#2003)
Update to version 0.26.0:
* feat(alpine): warn mixing versions (#2000)
* Update ASFF template (#1914)
* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)
* test(go): add integration tests for gomod (#1989)
* fix(python): fixed panic when scan .egg archive (#1992)
* fix(go): set correct go modules type (#1990)
* feat(alpine): support apk repositories (#1987)
* docs: add CBL-Mariner (#1982)
* docs(go): fix version (#1986)
* feat(go): support go.mod in Go 1.17+ (#1985)
* ci: fix URLs in the PR template (#1972)
* ci: add semantic pull requests check (#1968)
* docs(issue): added docs for wrong detection issues (#1961)
Update to version 0.25.4:
* docs: move CONTRIBUTING.md to docs (#1971)
* refactor(table): use file name instead package path (#1966)
* fix(sbom): add --db-repository (#1964)
* feat(table): add PkgPath in table result (#1960)
* fix(pom): merge multiple pom imports in a good manner (#1959)
Update to version 0.25.3:
* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)
* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)
* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)
* feat(jar): allow setting Maven Central URL using environment variable (#1939)
* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)
* chore(chart): remove version comments (#1933)
Update to version 0.25.2:
* fix(downloadDB): add flag to server command (#1942)
Update to version 0.25.1:
* fix(misconf): update defsec to resolve panics (#1935)
* docs: restructure the documentation (#1887)
* Add trivy horizontal logo (#1932)
* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)
- Buildrequire go1.18 as upstream says in go.mod
Update to version 0.25.0:
* docs(filter vulnerabilities): fix link (#1880)
* feat(template) Add misconfigurations to gitlab codequality report (#1756)
* fix(rpc): add PkgPath field to client / server mode (#1643)
* fix(vulnerabilities): fixed trivy-db vulns (#1883)
* feat(cache): remove temporary cache after filesystem scanning (#1868)
* feat(sbom): add a dedicated sbom command (#1799)
* feat(cyclonedx): add vulnerabilities (#1832)
* fix(option): hide false warning about remote options (#1865)
* feat(filesystem): scan in client/server mode (#1829)
* refactor(template): remove unused test (#1861)
* fix(cli): json format for trivy version (#1854)
* docs: change URL for tfsec-checks (#1857)
Patchnames
openSUSE-2022-10094
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for trivy", title: "Title of the patch", }, { category: "description", text: "This update for trivy fixes the following issues:\n\nUpdate to version 0.30.4:\n\n* fix: remove the first arg when running as a plugin (#2595)\n* fix: k8s controlplaner scanning (#2593)\n* fix(vuln): GitLab report template (#2578)\n\nUpdate to version 0.30.3:\n\n* fix(server): use a new db worker for hot updates (#2581)\n* docs: add trivy with download-db-only flag to Air-Gapped Environment (#2583)\n* docs: split commands to download db for different versions of oras (#2582)\n* feat(report): export exitcode for license checks (#2564)\n* fix: cli can use lowercase for severities (#2565)\n* fix: allow subcommands with TRIVY_RUN_AS_PLUGIN (#2577)\n* fix: add missing types in TypeOSes and TypeLanguages in analyzer (#2569)\n* fix: enable some features of the wasm runtime (#2575)\n* fix(k8s): no error logged if trivy can't get docker image in kubernetes mode (#2521)\n* docs(sbom): improve sbom attestation documentation (#2566)\n\nUpdate to version 0.30.2:\n\n* fix(report): show the summary without results (#2548)\n* fix(cli): replace '-' to '_' for env vars (#2561)\n\nUpdate to version 0.30.1:\n\n* chore: remove a test repository (#2551)\n* fix(license): lazy loading of classifiers (#2547)\n* fix: CVE-2022-1996 in Trivy (#2499)\n* docs(sbom): add sbom attestation (#2527)\n* feat(rocky): set Rocky Linux 9 EOL (#2543)\n* docs: add attributes to the video tag to autoplay demo videos (#2538)\n* fix: yaml files with non-string chart name (#2534)\n* fix: skip dirs (#2530)\n* feat(repo): add support for branch, commit, & tag (#2494)\n* fix: remove auto configure environment variables via viper (#2526)\n\nUpdate to version 0.30.0:\n\n* fix: separating multiple licenses from one line in dpkg copyright files (#2508)\n* fix: change a capital letter for `plugin uninstall` subcommand (#2519)\n* fix: k8s hide empty report when scanning resource (#2517)\n* refactor: fix comments (#2516)\n* fix: scan vendor dir (#2515)\n* feat: Add support for license scanning (#2418)\n* chore: add owners for secret scanning (#2485)\n* fix: remove dependency-tree flag for image subcommand (#2492)\n* fix(k8s): add shorthand for k8s namespace flag (#2495)\n* docs: add information about using multiple servers to troubleshooting (#2498)\n* ci: add pushing canary build images to registries (#2428)\n* feat(dotnet): add support for .Net core .deps.json files (#2487)\n* feat(amazon): add support for 2022 version (#2429)\n* Type correction bitnami chart (#2415)\n* docs: add config file and update CLI references (#2489)\n* feat: add support for flag groups (#2488)\n* refactor: move from urfave/cli to spf13/cobra (#2458)\n* fix: Fix secrets output not containing file/lines (#2467)\n* fix: clear output with modules (#2478)\n* docs(cbl): distroless 1.0 supported (#2473)\n* fix: Fix example dockerfile rego policy (#2460)\n* fix(config): add helm to list of config analyzers (#2457)\n* feat: k8s resouces scan (#2395)\n* feat(sbom): add cyclonedx sbom scan (#2203)\n* docs: remove links to removed content (#2431)\n* ci: added rpm build for rhel 9 (#2437)\n* fix(secret): remove space from asymmetric private key (#2434)\n* test(integration): fix golden files for debian 9 (#2435)\n* fix(cli): fix version string in docs link when secret scanning is enabled (#2422)\n* refactor: move CycloneDX marshaling (#2420)\n* docs(nodejs): add docs about pnpm support (#2423)\n* docs: improve k8s usage documentation (#2425)\n* feat: Make secrets scanning output consistant (#2410)\n* ci: create canary build after main branch changes (#1638)\n* fix(misconf): skip broken scans (#2396)\n* feat(nodejs): add pnpm support (#2414)\n* fix: Fix false positive for use of COS images (#2413)\n* eliminate nerdctl dependency (#2412)\n* Add EOL date for SUSE SLES 15.3, 15.4 and OpenSUSE 15.4 (#2403)\n* fix(go): no cast to lowercase go package names (#2401)\n* BREAKING(sbom): change 'trivy sbom' to scan SBOM (#2408)\n* fix(server): hot update the db from custom repository (#2406)\n* feat: added license parser for dpkg (#2381)\n* fix(misconf): Update defsec (v0.68.5) to fix docker rego duplicate key (#2400)\n* feat: extract stripe publishable and secret keys (#2392)\n* feat: rbac support k8s sub-command (#2339)\n* feat(ruby): drop platform strings from dependency versions bundled with bundler v2 (#2390)\n* docs: Updating README with new CLI command (#2359)\n* fix(misconf): Update defsec to v0.68.4 to resolve CF detection bug (#2383)\n* chore: add integration label and merge security label (#2316)\n\nUpdate to version 0.29.2:\n\n* chore: skip Visual Studio Code project folder (#2379)\n* fix(helm): handle charts with templated names (#2374)\n* docs: redirect operator docs to trivy-operator repo (#2372)\n* fix(secret): use secret result when determining Failed status (#2370)\n* try removing libdb-dev\n* run integration tests in fanal\n* use same testing images in fanal\n* feat(helm): add support for trivy dbRepository (#2345)\n* fix: Fix failing test due to deref lint issue\n* test: Fix broken test\n* fix: Fix makefile when no previous named ref is visible in a shallow clone\n* chore: Fix linting issues in fanal\n* refactor: Fix fanal import paths and remove dotfiles\n\nUpdate to version 0.29.1:\n\n* fix(report): add required fields to the SARIF template (#2341)\n* chore: fix spelling errors (#2352)\n* Omit Remediation if PrimaryURL is empty (#2006)\n* docs(repo): Link to installation documentation in readme shows 404 (#2348)\n* feat(alma): support for scanning of modular packages for AlmaLinux (#2347)\n\nUpdate to version 0.29.0:\n\n* fix(lang): fix dependency graph in client server mode (#2336)\n* feat: allow expiration date for .trivyignore entries (#2332)\n* feat(lang): add dependency origin graph (#1970)\n* docs: update nix installation info (#2331)\n* feat: add rbac scanning support (#2328)\n* refactor: move WordPress module to another repository (#2329)\n* ci: add support for ppc64le (#2281)\n* feat: add support for WASM modules (#2195)\n* feat(secret): show recommendation for slow scanning (#2051)\n* fix(flag): remove --clear-cache flag client mode (#2301)\n* fix(java): added check for looping for variable evaluation in pom file (#2322)\n* BREAKING(k8s): change CLI API (#2186)\n* feat(alpine): add Alpine Linux 3.16 (#2319)\n* ci: add `go mod tidy` check (#2314)\n* chore: run `go mod tidy` (#2313)\n* fix: do not exit if one resource is not found (#2311)\n* feat(cli): use stderr for all log messages (resolve #381) (#2289)\n* test: replace deprecated subcommand client in integration tests (#2308)\n* feat: add support for containerd (#2305)\n* fix(kubernetes): Support floats in manifest yaml (#2297)\n* docs(kubernetes): dead links (#2307)\n* chore: add license label (#2304)\n* feat(mariner): added support for CBL-Mariner Distroless v2.0 (#2293)\n* feat(helm): add pod annotations (#2272)\n* refactor: do not import defsec in fanal types package (#2292)\n* feat(report): Add misconfiguration support to ASFF report template (#2285)\n* test: use images in GHCR (#2275)\n* feat(helm): support pod annotations (#2265)\n* feat(misconf): Helm chart scanning (#2269)\n* docs: Update custom rego policy docs to reflect latest defsec/fanal changes (#2267)\n* fix: mask redis credentials when logging (#2264)\n* refactor: extract commands Runner interface (#2147)\n* docs: update operator release (#2263)\n* feat(redhat): added architecture check (#2172)\n* docs: updating links in the docs to work again (#2256)\n* docs: fix readme (#2251)\n* fix: fixed incorrect CycloneDX output format (#2255)\n* refactor(deps): move dependencies to package (#2189)\n* fix(report): change github format version to required (#2229)\n* docs: update readme (#2110)\n* docs: added information about choosing advisory database (#2212)\n* chore: update trivy-kubernetes (#2224)\n* docs: clarifying parts of the k8s docs and updating links (#2222)\n* fix(k8s): timeout error logging (#2179)\n* chore(deps): updated fanal after fix AsymmetricPrivateKeys (#2214)\n* feat(k8s): add --context flag (#2171)\n* fix(k8s): properly instantiate TableWriter (#2175)\n* test: fixed integration tests after updating testcontainers to v0.13.0 (#2208)\n* chore: update labels (#2197)\n* fix(report): fixed panic if all misconf reports were removed in filter (#2188)\n* feat(k8s): scan secrets (#2178)\n* feat(report): GitHub Dependency Snapshots support (#1522)\n* feat(db): added insecure skip tls verify to download trivy db (#2140)\n* fix(redhat): always use vulns with fixed version if there is one (#2165)\n* chore(redhat): Add support for Red Hat UBI 9. (#2183)\n* fix(k8s): update trivy-kubernetes (#2163)\n* fix misconfig start line for code quality tpl (#2181)\n* fix: update docker/distribution from 2.8.0 to 2.8.1 (#2176)\n* docs(vuln): Include GitLab 15.0 integration (#2153)\n* docs: fix the operator version (#2167)\n* fix(k8s): summary report when when only vulns exit (#2146)\n* chore(deps): Update fanal to get defsec v0.58.2 (fixes false positives in ksv038) (#2156)\n* perf(misconf): Improve performance when scanning very large files (#2152)\n* docs(misconf): Update examples and docs to refer to builtin/defsec instead of appshield (#2150)\n* chore(deps): Update fanal (for less verbose code in misconf results) (#2151)\n* docs: fixed installation instruction for rhel/centos (#2143)\n\nUpdate to version 0.28.0 (boo#1199760, CVE-2022-28946):\n\n* fix: remove Highlighted from json output (#2131)\n* fix: remove trivy-kubernetes replace (#2132)\n* docs: Add Operator docs under Kubernetes section (#2111)\n* fix(k8s): security-checks panic (#2127)\n* ci: added k8s scope (#2130)\n* docs: Update misconfig output in examples (#2128)\n* fix(misconf): Fix coloured output in Goland terminal (#2126)\n* docs(secret): Fix default value of --security-checks in docs (#2107)\n* refactor(report): move colorize function from trivy-db (#2122)\n* feat: k8s resource scanning (#2118)\n* chore: add CODEOWNERS (#2121)\n* feat(image): add `--server` option for remote scans (#1871)\n* refactor: k8s (#2116)\n* refactor: export useful APIs (#2108)\n* docs: fix k8s doc (#2114)\n* feat(kubernetes): Add report flag for summary (#2112)\n* fix: Remove problematic advanced rego policies (#2113)\n* feat(misconf): Add special output format for misconfigurations (#2100)\n* feat: add k8s subcommand (#2065)\n* chore: fix make lint version (#2102)\n* fix(java): handle relative pom modules (#2101)\n* fix(misconf): Add missing links for non-rego misconfig results (#2094)\n* feat(misconf): Added fs.FS based scanning via latest defsec (#2084)\n* chore(os): updated fanal version and alpine distroless test (#2086)\n* feat(report): add support for SPDX (#2059)\n* chore: app version 0.27.0 (#2046)\n* fix(misconf): added to skip conf files if their scanning is not enabled (#2066)\n* docs(secret) fix rule path in docs (#2061)\n* docs: change from go.sum to go.mod (#2056)\n\nUpdate to version 0.27.1:\n\n* refactor(fs): scanner options (#2050)\n* feat(secret): truncate long line (#2052)\n* docs: fix a broken bullets (#2042)\n* feat(ubuntu): add 22.04 approx eol date (#2044)\n* docs: update installation.md (#2027)\n* docs: add Containerfile (#2032)\n\nUpdate to version 0.27.0:\n\n* fix(go): fixed panic to scan gomod without version (#2038)\n* docs(mariner): confirm it works with Mariner 2.0 VM (#2036)\n* feat(secret): support enable rules (#2035)\n* chore: app version 26.0 (#2030)\n* docs(secret): add a demo movie (#2031)\n* feat: support cache TTL in Redis (#2021)\n* fix(go): skip system installed binaries (#2028)\n* fix(go): check if go.sum is nil (#2029)\n* feat: add secret scanning (#1901)\n* chore: gh publish only with push the tag release (#2025)\n* fix(fs): ignore permission errors (#2022)\n* test(mod): using correct module inside test go.mod (#2020)\n* feat(server): re-add proxy support for client/server communications (#1995)\n* fix(report): truncate a description before escaping in ASFF template (#2004)\n* fix(cloudformation): correct margin removal for empty lines (#2002)\n* fix(template): correct check of old sarif template files (#2003)\n\nUpdate to version 0.26.0:\n\n* feat(alpine): warn mixing versions (#2000)\n* Update ASFF template (#1914)\n* chore(deps): replace `containerd/containerd` version to fix CVE-2022-23648 (#1994)\n* test(go): add integration tests for gomod (#1989)\n* fix(python): fixed panic when scan .egg archive (#1992)\n* fix(go): set correct go modules type (#1990)\n* feat(alpine): support apk repositories (#1987)\n* docs: add CBL-Mariner (#1982)\n* docs(go): fix version (#1986)\n* feat(go): support go.mod in Go 1.17+ (#1985)\n* ci: fix URLs in the PR template (#1972)\n* ci: add semantic pull requests check (#1968)\n* docs(issue): added docs for wrong detection issues (#1961)\n\nUpdate to version 0.25.4:\n\n* docs: move CONTRIBUTING.md to docs (#1971)\n* refactor(table): use file name instead package path (#1966)\n* fix(sbom): add --db-repository (#1964)\n* feat(table): add PkgPath in table result (#1960)\n* fix(pom): merge multiple pom imports in a good manner (#1959)\n\nUpdate to version 0.25.3:\n\n* fix(downloadDB): add dbRepositoryFlag to repository and rootfs commands (#1956)\n* fix(misconf): update BurntSushi/toml for fix runtime error (#1948)\n* fix(misconf): Update fanal/defsec to resolve missing metadata issues (#1947)\n* feat(jar): allow setting Maven Central URL using environment variable (#1939)\n* chore(chart): update Trivy version in HelmChart to 0.25.0 (#1931)\n* chore(chart): remove version comments (#1933)\n\nUpdate to version 0.25.2:\n\n* fix(downloadDB): add flag to server command (#1942)\n\nUpdate to version 0.25.1:\n\n* fix(misconf): update defsec to resolve panics (#1935)\n* docs: restructure the documentation (#1887)\n* Add trivy horizontal logo (#1932)\n* feat(db): Add dbRepository flag to get advisory database from OCI registry (#1873)\n\n- Buildrequire go1.18 as upstream says in go.mod\n\nUpdate to version 0.25.0:\n\n* docs(filter vulnerabilities): fix link (#1880)\n* feat(template) Add misconfigurations to gitlab codequality report (#1756)\n* fix(rpc): add PkgPath field to client / server mode (#1643)\n* fix(vulnerabilities): fixed trivy-db vulns (#1883)\n* feat(cache): remove temporary cache after filesystem scanning (#1868)\n* feat(sbom): add a dedicated sbom command (#1799)\n* feat(cyclonedx): add vulnerabilities (#1832)\n* fix(option): hide false warning about remote options (#1865)\n* feat(filesystem): scan in client/server mode (#1829)\n* refactor(template): remove unused test (#1861)\n* fix(cli): json format for trivy version (#1854)\n* docs: change URL for tfsec-checks (#1857)\n", title: "Description of the patch", }, { category: "details", text: "openSUSE-2022-10094", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_10094-1.json", }, { category: "self", summary: "URL for openSUSE-SU-2022:10094-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TFXT5GO737TPBRXIUOZS7A3WOJKWSJAX/", }, { category: "self", summary: "E-Mail link for openSUSE-SU-2022:10094-1", url: "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TFXT5GO737TPBRXIUOZS7A3WOJKWSJAX/", }, { category: "self", summary: "SUSE Bug 1199760", url: "https://bugzilla.suse.com/1199760", }, { category: "self", summary: "SUSE CVE CVE-2022-1996 page", url: "https://www.suse.com/security/cve/CVE-2022-1996/", }, { category: "self", summary: "SUSE CVE CVE-2022-23648 page", url: "https://www.suse.com/security/cve/CVE-2022-23648/", }, { category: "self", summary: "SUSE CVE CVE-2022-28946 page", url: "https://www.suse.com/security/cve/CVE-2022-28946/", }, ], title: "Security update for trivy", tracking: { current_release_date: "2022-08-20T10:02:00Z", generator: { date: "2022-08-20T10:02:00Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "openSUSE-SU-2022:10094-1", initial_release_date: "2022-08-20T10:02:00Z", revision_history: [ { date: "2022-08-20T10:02:00Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "trivy-0.30.4-bp153.8.1.aarch64", product: { name: "trivy-0.30.4-bp153.8.1.aarch64", product_id: "trivy-0.30.4-bp153.8.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "trivy-0.30.4-bp153.8.1.i586", product: { name: "trivy-0.30.4-bp153.8.1.i586", product_id: "trivy-0.30.4-bp153.8.1.i586", }, }, ], category: "architecture", name: "i586", }, { branches: [ { category: "product_version", name: "trivy-0.30.4-bp153.8.1.s390x", product: { name: "trivy-0.30.4-bp153.8.1.s390x", product_id: "trivy-0.30.4-bp153.8.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "trivy-0.30.4-bp153.8.1.x86_64", product: { name: "trivy-0.30.4-bp153.8.1.x86_64", product_id: "trivy-0.30.4-bp153.8.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Package Hub 15 SP3", product: { name: "SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3", }, }, { category: "product_name", name: "openSUSE Leap 15.3", product: { name: "openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3", product_identification_helper: { cpe: "cpe:/o:opensuse:leap:15.3", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.aarch64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", }, product_reference: "trivy-0.30.4-bp153.8.1.aarch64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.i586 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", }, product_reference: "trivy-0.30.4-bp153.8.1.i586", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.s390x as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", }, product_reference: "trivy-0.30.4-bp153.8.1.s390x", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.x86_64 as component of SUSE Package Hub 15 SP3", product_id: "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", }, product_reference: "trivy-0.30.4-bp153.8.1.x86_64", relates_to_product_reference: "SUSE Package Hub 15 SP3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.aarch64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", }, product_reference: "trivy-0.30.4-bp153.8.1.aarch64", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.i586 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", }, product_reference: "trivy-0.30.4-bp153.8.1.i586", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.s390x as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", }, product_reference: "trivy-0.30.4-bp153.8.1.s390x", relates_to_product_reference: "openSUSE Leap 15.3", }, { category: "default_component_of", full_product_name: { name: "trivy-0.30.4-bp153.8.1.x86_64 as component of openSUSE Leap 15.3", product_id: "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", }, product_reference: "trivy-0.30.4-bp153.8.1.x86_64", relates_to_product_reference: "openSUSE Leap 15.3", }, ], }, vulnerabilities: [ { cve: "CVE-2022-1996", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-1996", }, ], notes: [ { category: "general", text: "Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-1996", url: "https://www.suse.com/security/cve/CVE-2022-1996", }, { category: "external", summary: "SUSE Bug 1200528 for CVE-2022-1996", url: "https://bugzilla.suse.com/1200528", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 9.1, baseSeverity: "CRITICAL", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-08-20T10:02:00Z", details: "critical", }, ], title: "CVE-2022-1996", }, { cve: "CVE-2022-23648", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-23648", }, ], notes: [ { category: "general", text: "containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information. Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-23648", url: "https://www.suse.com/security/cve/CVE-2022-23648", }, { category: "external", summary: "SUSE Bug 1196441 for CVE-2022-23648", url: "https://bugzilla.suse.com/1196441", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-08-20T10:02:00Z", details: "moderate", }, ], title: "CVE-2022-23648", }, { cve: "CVE-2022-28946", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2022-28946", }, ], notes: [ { category: "general", text: "An issue in the component ast/parser.go of Open Policy Agent v0.39.0 causes the application to incorrectly interpret every expression, causing a Denial of Service (DoS) via triggering out-of-range memory access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2022-28946", url: "https://www.suse.com/security/cve/CVE-2022-28946", }, { category: "external", summary: "SUSE Bug 1199760 for CVE-2022-28946", url: "https://bugzilla.suse.com/1199760", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.aarch64", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.i586", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.s390x", "SUSE Package Hub 15 SP3:trivy-0.30.4-bp153.8.1.x86_64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.aarch64", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.i586", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.s390x", "openSUSE Leap 15.3:trivy-0.30.4-bp153.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2022-08-20T10:02:00Z", details: "moderate", }, ], title: "CVE-2022-28946", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.