Adds a zopen audit command that gets the commit hashes of all installed packages and looks in the zopen_vulnerability.json file generated by #765 for vulnerabilities associated with those releases.
Sample of what the command output looks like:
$ zopen audit
MEDIUM severity found for gitdummy:
CVE-2022-33068
An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.
HIGH severity found for gitdummy:
CVE-2023-25193
hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
CVE Summary:
2 vulnerabilities (0 low, 1 moderate, 1 high, 0 critical)
In the future, this command could also show if newer versions of any packages are available that resolve any vulnerabilities, and another option could be added to upgrade all such packages.
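As an added illustration (not code from this PR or from zopen itself), here is a Python sketch of the lookup the command performs: match each installed package's release commit against the vulnerability file and tally findings by severity. The JSON schema, package names and commit hashes below are constructed assumptions; the page does not show the actual zopen_vulnerability.json layout.

```python
"""Audit lookup in the style of `zopen audit` (added illustration, not the zopen
implementation). The vulnerability-file schema is an ASSUMPTION: the page only
says the file maps package releases to CVEs."""
import json
from collections import Counter

# Constructed sample vulnerability file (schema assumed):
# package -> release commit hash -> list of CVE records with a severity.
VULN_DB_JSON = """
{
  "gitdummy": {
    "0123abcd": [
      {"id": "CVE-2022-33068", "severity": "MEDIUM",
       "summary": "integer overflow in hb-ot-shape-fallback.cc"},
      {"id": "CVE-2023-25193", "severity": "HIGH",
       "summary": "O(n^2) growth in hb-ot-layout-gsubgpos.hh"}
    ]
  }
}
"""
# Constructed sample of installed packages: name -> commit hash of installed release.
INSTALLED = {"gitdummy": "0123abcd", "otherpkg": "deadbeef"}
SEVERITY_ORDER = ("LOW", "MEDIUM", "HIGH", "CRITICAL")


def audit(installed, vuln_db_json):
    """Return (findings, summary). findings is a list of
    (package, severity, cve_id, text) for each CVE whose package/commit matches
    an installed release; packages or commits absent from the file yield nothing.
    summary counts findings per upper-cased severity."""
    db = json.loads(vuln_db_json)
    findings = []
    for pkg, commit in installed.items():
        for rec in db.get(pkg, {}).get(commit, []):
            sev = rec.get("severity", "UNKNOWN").upper()
            findings.append((pkg, sev, rec["id"], rec.get("summary", "")))
    # Least severe first, unknown severities first of all, like the sample output.
    findings.sort(key=lambda f: SEVERITY_ORDER.index(f[1]) if f[1] in SEVERITY_ORDER else -1)
    return findings, Counter(f[1] for f in findings)


def format_report(findings, summary):
    """Render findings in the same shape as the sample output in the PR."""
    lines = []
    for pkg, sev, cve, text in findings:
        lines += [f"{sev} severity found for {pkg}:", cve, text]
    lines.append("CVE Summary:")
    lines.append(f"{len(findings)} vulnerabilities ({summary['LOW']} low, "
                 f"{summary['MEDIUM']} moderate, {summary['HIGH']} high, "
                 f"{summary['CRITICAL']} critical)")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(*audit(INSTALLED, VULN_DB_JSON)))
```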