rubysec / ruby-advisory-db

A database of vulnerable Ruby Gems
https://rubysec.com

OSVDB in license #487

Open dberecz opened 3 years ago

dberecz commented 3 years ago

In the license the usage of OSVDB is mentioned and references their license. OSVDB and OSF both shut down years ago. Is it still relevant to keep them in the license? Removing them would make the license more clear and up-to-date. Thanks a lot!

postmodern commented 3 years ago

There has been work to remove any data that came from OSVDB (see #456). There are still 90 advisories named OSVDB-... that have no cve: ID we could rename them to. Someone will need to research each advisory (aka googling the title:) and find the missing CVE.

gems/actionpack/OSVDB-100524.yml
gems/actionpack/OSVDB-100525.yml
gems/actionpack/OSVDB-100526.yml
gems/actionpack/OSVDB-100527.yml
gems/actionpack/OSVDB-100528.yml
gems/actionpack/OSVDB-74616.yml
gems/actionpack/OSVDB-77199.yml
gems/activerecord-jdbc-adapter/OSVDB-114854.yml
gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml
gems/activerecord/OSVDB-88661.yml
gems/activeresource/OSVDB-95749.yml
gems/as/OSVDB-112683.yml
gems/auto_awesomplete/OSVDB-132800.yml
gems/auto_select2/OSVDB-132800.yml
gems/backup_checksum/OSVDB-108570.yml
gems/bcrypt/OSVDB-62067.yml
gems/bcrypt-ruby/OSVDB-62067.yml
gems/brbackup/OSVDB-108899.yml
gems/brbackup/OSVDB-108900.yml
gems/builder/OSVDB-95668.yml
gems/bundler/OSVDB-115090.yml
gems/bundler/OSVDB-115091.yml
gems/bundler/OSVDB-115917.yml
gems/cap-strap/OSVDB-108575.yml
gems/curb/OSVDB-114600.yml
gems/devise/OSVDB-114435.yml
gems/doorkeeper/OSVDB-118830.yml
gems/dragonfly/OSVDB-110439.yml
gems/dragonfly/OSVDB-97854.yml
gems/enum_column3/OSVDB-94679.yml
gems/flavour_saver/OSVDB-110796.yml
gems/flukso4r/OSVDB-101577.yml
gems/fog-dragonfly/OSVDB-110439.yml
gems/fog-dragonfly/OSVDB-97854.yml
gems/gnms/OSVDB-108594.yml
gems/handlebars-source/OSVDB-131671.yml
gems/i18n/OSVDB-100528.yml
gems/jruby-sandbox/OSVDB-106279.yml
gems/json/OSVDB-101157.yml
gems/kajam/OSVDB-108530.yml
gems/karo/OSVDB-108573.yml
gems/kcapifony/OSVDB-108572.yml
gems/kompanee-recipes/OSVDB-108593.yml
gems/lingq/OSVDB-108585.yml
gems/loofah/OSVDB-90945.yml
gems/lynx/OSVDB-108579.yml
gems/mapbox-rails/OSVDB-129854.yml
gems/mapbox-rails/OSVDB-132871.yml
gems/mustache-js-rails/OSVDB-131671.yml
gems/nokogiri/OSVDB-118481.yml
gems/open-uri-cached/OSVDB-121701.yml
gems/paperclip/OSVDB-103151.yml
gems/passenger/OSVDB-90738.yml
gems/quick_magick/OSVDB-106954.yml
gems/rack-attack/OSVDB-132234.yml
gems/redcarpet/OSVDB-120415.yml
gems/redis-namespace/OSVDB-96425.yml
gems/refile/OSVDB-120857.yml
gems/ruby-saml/OSVDB-117903.yml
gems/ruby-saml/OSVDB-124383.yml
gems/ruby-saml/OSVDB-124991.yml
gems/screen_capture/OSVDB-107783.yml
gems/sidekiq/OSVDB-125675.yml
gems/sidekiq/OSVDB-125676.yml
gems/sidekiq/OSVDB-125678.yml
gems/sidekiq-pro/OSVDB-126329.yml
gems/sidekiq-pro/OSVDB-126330.yml
gems/sidekiq-pro/OSVDB-126331.yml
gems/spree_auth_devise/OSVDB-90865.yml
gems/spree_auth/OSVDB-90865.yml
gems/spree/OSVDB-119205.yml
gems/spree/OSVDB-125699.yml
gems/spree/OSVDB-125701.yml
gems/spree/OSVDB-125712.yml
gems/spree/OSVDB-125713.yml
gems/spree/OSVDB-69098.yml
gems/spree/OSVDB-73751.yml
gems/spree/OSVDB-76011.yml
gems/spree/OSVDB-81505.yml
gems/spree/OSVDB-81506.yml
gems/spree/OSVDB-90865.yml
gems/spree/OSVDB-91216.yml
gems/spree/OSVDB-91217.yml
gems/spree/OSVDB-91218.yml
gems/spree/OSVDB-91219.yml
gems/twitter-bootstrap-rails/OSVDB-109206.yml
gems/uglifier/OSVDB-126747.yml
gems/web-console/OSVDB-112346.yml
rubies/jruby/OSVDB-94644.yml
rubies/rbx/OSVDB-78119.yml

There are also 64 advisories which contain URLs to the defunct osvdb.org website, which should probably be removed. A PR could easily be submitted to remove the dead osvdb.org URLs.

gems/activerecord-jdbc-adapter/OSVDB-114854.yml
gems/activerecord-oracle_enhanced-adapter/OSVDB-95376.yml
gems/activeresource/OSVDB-95749.yml
gems/as/OSVDB-112683.yml
gems/backup_checksum/OSVDB-108570.yml
gems/brbackup/OSVDB-108899.yml
gems/brbackup/OSVDB-108900.yml
gems/builder/OSVDB-95668.yml
gems/bundler/OSVDB-115090.yml
gems/bundler/OSVDB-115091.yml
gems/bundler/OSVDB-115917.yml
gems/cap-strap/OSVDB-108575.yml
gems/curb/OSVDB-114600.yml
gems/doorkeeper/OSVDB-118830.yml
gems/dragonfly/OSVDB-110439.yml
gems/dragonfly/OSVDB-97854.yml
gems/enum_column3/OSVDB-94679.yml
gems/flavour_saver/OSVDB-110796.yml
gems/flukso4r/OSVDB-101577.yml
gems/fog-dragonfly/OSVDB-110439.yml
gems/fog-dragonfly/OSVDB-97854.yml
gems/gnms/OSVDB-108594.yml
gems/json/OSVDB-101157.yml
gems/kajam/OSVDB-108530.yml
gems/karo/OSVDB-108573.yml
gems/kcapifony/OSVDB-108572.yml
gems/kompanee-recipes/OSVDB-108593.yml
gems/lingq/OSVDB-108585.yml
gems/loofah/OSVDB-90945.yml
gems/lynx/OSVDB-108579.yml
gems/paperclip/OSVDB-103151.yml
gems/quick_magick/OSVDB-106954.yml
gems/ruby-saml/OSVDB-117903.yml
gems/screen_capture/OSVDB-107783.yml
gems/web-console/OSVDB-112346.yml
rubies/jruby/OSVDB-94644.yml
rubies/rbx/CVE-2012-5372.yml
rubies/rbx/OSVDB-78119.yml
rubies/ruby/CVE-2008-2662.yml
rubies/ruby/CVE-2008-2663.yml
rubies/ruby/CVE-2008-2664.yml
rubies/ruby/CVE-2008-2725.yml
rubies/ruby/CVE-2008-2726.yml
rubies/ruby/CVE-2008-3790.yml
rubies/ruby/CVE-2009-1904.yml
rubies/ruby/CVE-2009-4124.yml
rubies/ruby/CVE-2009-4492.yml
rubies/ruby/CVE-2010-0541.yml
rubies/ruby/CVE-2010-2489.yml
rubies/ruby/CVE-2011-1004.yml
rubies/ruby/CVE-2011-1005.yml
rubies/ruby/CVE-2011-3389.yml
rubies/ruby/CVE-2011-4815.yml
rubies/ruby/CVE-2012-4522.yml
rubies/ruby/CVE-2012-5371.yml
rubies/ruby/CVE-2013-1821.yml
rubies/ruby/CVE-2013-2065.yml
rubies/ruby/CVE-2013-4073.yml
rubies/ruby/CVE-2013-4164.yml
rubies/ruby/CVE-2014-2525.yml
rubies/ruby/CVE-2014-3916.yml
rubies/ruby/CVE-2014-4975.yml
rubies/ruby/CVE-2014-8080.yml
rubies/ruby/CVE-2014-8090.yml
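
The two lists above can be regenerated from a checkout with a short audit script. This is an added example, not part of the thread or the project's own tooling; it assumes the `{gems,rubies}/<name>/<ID>.yml` layout seen in the listed paths and the `cve:` and `title:` keys named in the comment. The gem name `examplegem`, the IDs and the other sample fields are constructed placeholders.

```ruby
require "yaml"
require "date"
require "tmpdir"
require "fileutils"

# Audit an advisory tree (layout <root>/{gems,rubies}/<name>/<ID>.yml) for the
# two kinds of OSVDB leftovers described in the thread.
def audit_osvdb(root)
  report = { needs_cve: [], dead_urls: [] }
  Dir.glob(File.join(root, "{gems,rubies}", "*", "*.yml")).sort.each do |path|
    text = File.read(path)
    rel  = path.delete_prefix("#{root}/")
    # safe_load: advisory files are data, never deserialize arbitrary objects.
    data = YAML.safe_load(text, permitted_classes: [Date]) || {}
    if File.basename(path).start_with?("OSVDB-") && data["cve"].to_s.strip.empty?
      report[:needs_cve] << [rel, data["title"]] # title is the research lead
    end
    report[:dead_urls] << rel if text.match?(/osvdb\.org/i)
  end
  report
end

# Constructed sample tree (hypothetical gem "examplegem", placeholder IDs).
def build_sample(root)
  {
    "gems/examplegem/OSVDB-000001.yml" =>
      "gem: examplegem\nurl: http://osvdb.org/000001\ntitle: Sample issue A\ndate: 2014-01-01\n",
    "gems/examplegem/OSVDB-000002.yml" =>
      "gem: examplegem\nurl: https://example.com/advisory\ntitle: Sample issue B\ndate: 2014-01-02\n",
    "gems/examplegem/CVE-0000-0001.yml" =>
      "gem: examplegem\ncve: 0000-0001\nurl: http://www.osvdb.org/000003\ntitle: Sample issue C\ndate: 2014-01-03\n"
  }.each do |rel, body|
    FileUtils.mkdir_p(File.join(root, File.dirname(rel)))
    File.write(File.join(root, rel), body)
  end
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|
    build_sample(dir)
    report = audit_osvdb(ARGV[0] || dir) # pass a checkout path to audit it instead
    report[:needs_cve].each { |rel, title| puts "needs CVE research: #{rel} (#{title})" }
    report[:dead_urls].each { |rel| puts "dead osvdb.org URL: #{rel}" }
  end
end
```

Run with the path to a checkout as the first argument to audit real data; without an argument it audits the constructed sample tree.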