Open VinodAnandan opened 2 years ago
This is technically feasible: we'd just need to correlate the introduced/fixed/limit git hashes to the closest git tags and add the additional ranges.
For https://api.osv.dev/v1/vulns/GSD-2021-1000677
    "ranges": [
      {
        "type": "GIT",
        "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/",
        "events": [
          {
            "introduced": "a7d42ddb3099727f58366fa006f850a219cce6c8"
          },
          {
            "limit": "c757c1f1e65d89429db1409429436cf40d47c008"
          }
        ]
      }
    ],
also include a
    {
      "type": "SEMVER",
      "events": [
        {
          "introduced": "3.19-rc6"
        },
        {
          "limit": "4.14.234"
        }
      ]
    }
For the Kernel, this might be difficult if the tag isn't valid SEMVER...
This issue has not had any activity for 60 days and will be automatically closed in two weeks
See https://github.com/google/osv.dev/blob/master/CONTRIBUTING.md for how to contribute a PR if you're interested in helping out.
https://osv.dev/vulnerability/GSD-2021-1000677
The "Affected versions" and the GIT "Affected ranges" range values are available. But providing the SEMVER "Affected ranges" too will help with the enhanced affected component mapping.
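
The correlation discussed in this thread, as an added Python sketch (not osv.dev code and not written by any participant): it maps each GIT event to its nearest tag and emits a SEMVER range only when every tag is valid SemVer 2.0, which the `3.19-rc6` tag from the thread is not. The function names, the `coerce` option (pad a missing patch component with `.0`) and the `v`-prefixed tag lookup are assumptions made for illustration.

```python
import re

# SemVer 2.0.0 pattern (the regex suggested at semver.org).
SEMVER_RE = re.compile(
    r"^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)"
    r"(?:-((?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*)"
    r"(?:\.(?:0|[1-9]\d*|\d*[a-zA-Z-][0-9a-zA-Z-]*))*))?"
    r"(?:\+([0-9a-zA-Z-]+(?:\.[0-9a-zA-Z-]+)*))?$"
)
# MAJOR.MINOR with optional pre-release, e.g. "3.19-rc6" (kernel style).
TWO_PART_RE = re.compile(r"^(\d+\.\d+)(-.+)?$")


def to_semver(tag, coerce=False):
    """Hypothetical helper: tag as a SemVer string, or None if not expressible."""
    version = tag[1:] if tag.startswith("v") else tag
    if SEMVER_RE.match(version):
        return version
    m = TWO_PART_RE.match(version)
    if coerce and m:
        # Assumption: a missing patch component means ".0".
        padded = m.group(1) + ".0" + (m.group(2) or "")
        return padded if SEMVER_RE.match(padded) else None
    return None


def semver_range(git_range, commit_to_tag, coerce=False):
    """Build a SEMVER range from a GIT range; returns (range, problems)."""
    events, problems = [], []
    for event in git_range["events"]:
        (kind, commit), = event.items()
        tag = commit_to_tag.get(commit)
        version = to_semver(tag, coerce) if tag else None
        if version is None:
            problems.append((kind, commit, tag))
        else:
            events.append({kind: version})
    if problems:
        return None, problems  # refuse to emit a partial or invalid range
    return {"type": "SEMVER", "events": events}, []


# GIT range events from GSD-2021-1000677 as quoted in the thread.
GIT_RANGE = {"type": "GIT", "events": [
    {"introduced": "a7d42ddb3099727f58366fa006f850a219cce6c8"},
    {"limit": "c757c1f1e65d89429db1409429436cf40d47c008"}]}
# Constructed lookup: stands in for a nearest-tag query against the repo.
TAGS = {"a7d42ddb3099727f58366fa006f850a219cce6c8": "v3.19-rc6",
        "c757c1f1e65d89429db1409429436cf40d47c008": "v4.14.234"}
```

In strict mode the record from the thread yields no SEMVER range and reports the `introduced` event as the problem; with `coerce=True` the range becomes `3.19.0-rc6` to `4.14.234`.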