almet/dangerzone
1
0
Fork 0
mirror of https://github.com/freedomofpress/dangerzone.git synced 2025-05-03 20:21:49 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
1281 commits 51 branches 42 tags 54 MiB
Commit graph

5 commits

Author SHA1 Message Date
Alex Pyrgiotis
add95a0d53
Ignore CVE-2024-5535 from our security scans 
We believe that Dangerzone is not affected by CVE-2024-5535 for the
following reasons:

1. This CVE affects applications that make network calls. The Dangerzone
    container does not perform any such calls, and has no access to the
    internet.
2. The OpenSSL devs have marked this issue as low severity.
 2024-07-05 17:20:03 +03:00
Alex Pyrgiotis
a6755080ad
Ignore CVE-2023-7104 from our security scans 
Our security scans for the released container image have flagged
CVE-2023-7104. Our assessment is that this CVE doesn't affect
Dangerzone, mainly because our understanding is that attackers cannot
embed SQLite dbs within LibreOffice spreadsheets.
 2024-01-09 20:28:01 +02:00
Alex Pyrgiotis
2f318f1633
Remove stale ignored CVEs 
Remove some CVEs from our ignore list of Grype, which affected previous
Dangerzone images.
 2024-01-09 20:18:11 +02:00
Alex Pyrgiotis
a2506e6968
ci: Ignore CVE-2023-28322 from security scans 
Ignore CVE-2023-28322 from our security scans, because it targets
`libcurl`, which is not used/exploitable in our offline container.
 2023-06-06 12:15:34 +03:00
Alex Pyrgiotis
8b2c5bba75
ci: Ignore two CVEs from our security scans 
Ignore two CVEs from our security scans, which were triggered when
scanning the Dangerzone container image for v0.4.1. These CVEs do not
affect out users, and we offer an explanation why.
 2023-05-17 20:29:13 +03:00