mirror of
https://github.com/ysoftdevs/DependencyCheck.git
synced 2026-01-14 07:43:40 +01:00
Jeremy Long
@@ -1027,7 +1027,7 @@ public final class CveDB implements AutoCloseable {
|
||||
} else {
|
||||
versionText = cpe.getVersion();
|
||||
}
|
||||
cpeVersion = DependencyVersionUtil.parseVersion(versionText);
|
||||
cpeVersion = DependencyVersionUtil.parseVersion(versionText, true);
|
||||
} else {
|
||||
cpeVersion = new DependencyVersion("-");
|
||||
}
|
||||
|
||||
@@ -70,6 +70,25 @@ public final class DependencyVersionUtil {
|
||||
* @return a DependencyVersion containing the version
|
||||
*/
|
||||
public static DependencyVersion parseVersion(String text) {
|
||||
return parseVersion(text, false);
|
||||
}
|
||||
|
||||
/**
|
||||
* <p>
|
||||
* A utility class to extract version numbers from file names (or other
|
||||
* strings containing version numbers.</p>
|
||||
* <pre>
|
||||
* Example:
|
||||
* Give the file name: library-name-1.4.1r2-release.jar
|
||||
* This function would return: 1.4.1.r2</pre>
|
||||
*
|
||||
* @param text the text being analyzed
|
||||
* @param firstMatchOnly if <code>false</code> and more then one
|
||||
* version string is found in the given text, null will be returned.
|
||||
* Otherwise, the first version found will be returned.
|
||||
* @return a DependencyVersion containing the version
|
||||
*/
|
||||
public static DependencyVersion parseVersion(String text, boolean firstMatchOnly) {
|
||||
if (text == null) {
|
||||
return null;
|
||||
}
|
||||
@@ -87,7 +106,7 @@ public final class DependencyVersionUtil {
|
||||
version = matcher.group();
|
||||
}
|
||||
//throw away the results if there are two things that look like version numbers
|
||||
if (matcher.find()) {
|
||||
if (!firstMatchOnly && matcher.find()) {
|
||||
return null;
|
||||
}
|
||||
if (version == null) {
|
||||
|
||||
@@ -38,30 +38,30 @@ public class EvidenceMatcher {
|
||||
/**
|
||||
* The name that the {@link Evidence} should have for a match.
|
||||
*/
|
||||
private String name;
|
||||
private final String name;
|
||||
|
||||
/**
|
||||
* The source that the {@link Evidence} should have for a match. A
|
||||
* {@code null}-value is allowed and functions as a wildcard.
|
||||
*/
|
||||
private String source;
|
||||
private final String source;
|
||||
|
||||
/**
|
||||
* The value that the {@link Evidence} should have for a match.
|
||||
*/
|
||||
private String value;
|
||||
private final String value;
|
||||
|
||||
/**
|
||||
* Whether the {@link EvidenceMatcher#value} should be interpreted as a
|
||||
* regular expression.
|
||||
*/
|
||||
private boolean regex = false;
|
||||
private final boolean regex;
|
||||
|
||||
/**
|
||||
* The confidence that the {@link Evidence} should have for a match. A
|
||||
* {@code null}-value is allowed and functions as a wildcard.
|
||||
*/
|
||||
private Confidence confidence;
|
||||
private final Confidence confidence;
|
||||
|
||||
/**
|
||||
* Creates a new EvidenceMatcher objects.
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.2.xsd">
|
||||
<hints xmlns="https://jeremylong.github.io/DependencyCheck/dependency-hint.1.3.xsd">
|
||||
<hint>
|
||||
<given><!-- NOTE: these are OR conditions -->
|
||||
<evidence type="product" source="Manifest" name="Implementation-Title" value="Spring Framework" confidence="HIGH"/>
|
||||
@@ -197,4 +197,14 @@
|
||||
<evidence type="vendor" source="hint analyzer" name="vendor" value="not_yet_commons_ssl_project" confidence="HIGHEST"/>
|
||||
</add>
|
||||
</hint>
|
||||
<hint>
|
||||
<given>
|
||||
<evidence regex="true" type="vendor" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/>
|
||||
<evidence regex="true" type="product" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/>
|
||||
</given>
|
||||
<remove>
|
||||
<evidence regex="true" type="vendor" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/>
|
||||
<evidence regex="true" type="product" source="pom" name="url" value=".*wordpress.*" confidence="HIGHEST"/>
|
||||
</remove>
|
||||
</hint>
|
||||
</hints>
|
||||
@@ -63,6 +63,7 @@
|
||||
7. Even if a node.js package exists - we aren't flagging the entire node.js
|
||||
8. Context project is drupal plugin
|
||||
9. mail_project is ruby library
|
||||
10. ldap_project is part of type3 written in php
|
||||
]]></notes>
|
||||
<filePath regex="true">.*(\.(dll|jar|ear|war|pom|nupkg|nuspec)|pom\.xml|package.json)$</filePath>
|
||||
<cpe>cpe:/a:sandbox:sandbox</cpe>
|
||||
@@ -77,6 +78,7 @@
|
||||
<cpe>cpe:/a:nodejs:nodejs</cpe>
|
||||
<cpe>cpe:/a:context_project:context</cpe>
|
||||
<cpe>cpe:/a:mail_project:mail</cpe>
|
||||
<cpe>cpe:/a:ldap_project:ldap</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
@@ -108,13 +110,14 @@
|
||||
<cpe>cpe:/a:oracle:glassfish</cpe>
|
||||
<cpe>cpe:/a:oracle:glassfish_server</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<!--suppress base="true">
|
||||
<notes><![CDATA[
|
||||
This was added to a broader suppression ruleg
|
||||
Suppresses false positives on ldap_project (issue #165).
|
||||
]]></notes>
|
||||
<gav regex="true">org\.forgerock\.opendj:opendj-ldap-sdk:.*</gav>
|
||||
<cpe>cpe:/a:ldap_project:ldap</cpe>
|
||||
</suppress>
|
||||
</suppress-->
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
Suppresses false positives on the org.opensaml:xmltooling
|
||||
@@ -761,13 +764,15 @@
|
||||
<gav regex="true">^org\.apache\.struts\.xwork:xwork-core:.*$</gav>
|
||||
<cpe>cpe:/a:apache:struts</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<!--suppress base="true">
|
||||
<notes><![CDATA[
|
||||
This was added to a broader suppression.
|
||||
|
||||
false positive per issue #908
|
||||
]]></notes>
|
||||
<gav regex="true">^com\.unboundid:unboundid-ldapsdk:.*$</gav>
|
||||
<cpe>cpe:/a:ldap_project:ldap</cpe>
|
||||
</suppress>
|
||||
</suppress-->
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
false positive per issue #894
|
||||
@@ -870,4 +875,944 @@
|
||||
<sha1>73a51faadb407dccdbd77234e0d5a0a648665692</sha1>
|
||||
<cpe>cpe:/a:apache:xerces2_java</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
False positive per issue #965
|
||||
]]></notes>
|
||||
<gav regex="true">^com\.typesafe\.play:play-akka-http-server_2\.\d+:.*$</gav>
|
||||
<cpe>cpe:/a:akka:akka</cpe>
|
||||
<cpe>cpe:/a:akka:http_server</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
False positive per issue #964
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.mongodb\.morphia:.*$</gav>
|
||||
<cpe>cpe:/a:git:git</cpe>
|
||||
<cpe>cpe:/a:git_project:git</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #942
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.apache\.chemistry\.opencmis:chemistry-opencmis.*$</gav>
|
||||
<cpe>cpe:/a:apache:apache_http_server</cpe>
|
||||
<cpe>cpe:/a:apache:http_server</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #942
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.alfresco\.cmis\.client:alfresco-opencmis-extension:.*$</gav>
|
||||
<cpe>cpe:/a:alfresco:alfresco</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #945
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.opensaml:xmltooling:.*$</gav>
|
||||
<cve>CVE-2015-0851</cve>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #949
|
||||
]]></notes>
|
||||
<gav regex="true">^com\.github\.waffle:waffle-jna:.*$</gav>
|
||||
<cpe>cpe:/a:git_for_windows_project:git_for_windows</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #944 - just suppressing the single CVE instead of the entire match
|
||||
as a future CVE could be meaningful to this library.
|
||||
]]></notes>
|
||||
<gav regex="true">^com\.evernote:evernote-api:.*$</gav>
|
||||
<cve>CVE-2016-4900</cve>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #951
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.apache\.portals\.pluto:pluto-portal-driver:.*$</gav>
|
||||
<cpe>cpe:/a:in-portal:in-portal</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP on ldap studio
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.apache\.directory\.api:api-ldap.*$</gav>
|
||||
<cpe>cpe:/a:apache:apache_ldap_studio</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #1003
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.mapstruct:mapstruct:.*$</gav>
|
||||
<cpe>cpe:/a:bean_project:bean</cpe>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #1004 - ldap.java is not in the JAR.
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.codehaus\.groovy:groovy:.*$</gav>
|
||||
<cve>CVE-2016-6497</cve>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #1010 - ldap.java is not in the JAR.
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.codehaus\.groovy:groovy-all:.*$</gav>
|
||||
<cve>CVE-2016-6497</cve>
|
||||
</suppress>
|
||||
<!--suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #997 - actual fix was in DependencyVersionUtils
|
||||
]]></notes>
|
||||
<gav regex="true">^com\.typesafe\.play:play-netty-utils:.*$</gav>
|
||||
<cpe>cpe:/a:playframework:play_framework</cpe>
|
||||
</suppress-->
|
||||
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #952 - instead of suppressing the whole thing, we will just
|
||||
suppress specific CVE that are for the server
|
||||
]]></notes>
|
||||
<gav regex="true">^mysql:mysql-connector-java:.*$</gav>
|
||||
<cve>CVE-2017-3331</cve>
|
||||
<cve>CVE-2017-3452</cve>
|
||||
<cve>CVE-2007-6304</cve>
|
||||
<cve>CVE-2016-5442</cve>
|
||||
<cve>CVE-2014-6555</cve>
|
||||
<cve>CVE-2015-4861</cve>
|
||||
<cve>CVE-2013-3796</cve>
|
||||
<cve>CVE-2012-0553</cve>
|
||||
<cve>CVE-2016-0659</cve>
|
||||
<cve>CVE-2002-1923</cve>
|
||||
<cve>CVE-2012-0119</cve>
|
||||
<cve>CVE-2015-0508</cve>
|
||||
<cve>CVE-2016-8283</cve>
|
||||
<cve>CVE-2017-3463</cve>
|
||||
<cve>CVE-2016-6663</cve>
|
||||
<cve>CVE-2013-5881</cve>
|
||||
<cve>CVE-2015-2573</cve>
|
||||
<cve>CVE-2016-5436</cve>
|
||||
<cve>CVE-2002-1376</cve>
|
||||
<cve>CVE-2015-0432</cve>
|
||||
<cve>CVE-2005-2558</cve>
|
||||
<cve>CVE-2017-3308</cve>
|
||||
<cve>CVE-2014-0402</cve>
|
||||
<cve>CVE-2015-0499</cve>
|
||||
<cve>CVE-2009-0819</cve>
|
||||
<cve>CVE-2012-1757</cve>
|
||||
<cve>CVE-2010-3838</cve>
|
||||
<cve>CVE-2006-4031</cve>
|
||||
<cve>CVE-2012-3180</cve>
|
||||
<cve>CVE-2015-3152</cve>
|
||||
<cve>CVE-2014-0393</cve>
|
||||
<cve>CVE-2012-3163</cve>
|
||||
<cve>CVE-2016-0594</cve>
|
||||
<cve>CVE-2014-2450</cve>
|
||||
<cve>CVE-2014-0430</cve>
|
||||
<cve>CVE-2017-3457</cve>
|
||||
<cve>CVE-2015-2567</cve>
|
||||
<cve>CVE-2017-3319</cve>
|
||||
<cve>CVE-2015-4866</cve>
|
||||
<cve>CVE-2010-1621</cve>
|
||||
<cve>CVE-2015-0409</cve>
|
||||
<cve>CVE-2016-8288</cve>
|
||||
<cve>CVE-2014-6484</cve>
|
||||
<cve>CVE-2017-3243</cve>
|
||||
<cve>CVE-2016-5633</cve>
|
||||
<cve>CVE-2017-3468</cve>
|
||||
<cve>CVE-2012-2122</cve>
|
||||
<cve>CVE-2014-2444</cve>
|
||||
<cve>CVE-2016-0642</cve>
|
||||
<cve>CVE-2012-0882</cve>
|
||||
<cve>CVE-2012-0102</cve>
|
||||
<cve>CVE-2012-5614</cve>
|
||||
<cve>CVE-2013-1567</cve>
|
||||
<cve>CVE-2016-0504</cve>
|
||||
<cve>CVE-2017-3643</cve>
|
||||
<cve>CVE-2010-2008</cve>
|
||||
<cve>CVE-2016-0608</cve>
|
||||
<cve>CVE-2015-4756</cve>
|
||||
<cve>CVE-2017-10284</cve>
|
||||
<cve>CVE-2014-6495</cve>
|
||||
<cve>CVE-2013-5793</cve>
|
||||
<cve>CVE-2014-4233</cve>
|
||||
<cve>CVE-2010-3680</cve>
|
||||
<cve>CVE-2012-0493</cve>
|
||||
<cve>CVE-2001-1275</cve>
|
||||
<cve>CVE-2013-0385</cve>
|
||||
<cve>CVE-2016-0599</cve>
|
||||
<cve>CVE-2016-5627</cve>
|
||||
<cve>CVE-2012-0113</cve>
|
||||
<cve>CVE-2013-0368</cve>
|
||||
<cve>CVE-2014-2438</cve>
|
||||
<cve>CVE-2013-1511</cve>
|
||||
<cve>CVE-2014-6478</cve>
|
||||
<cve>CVE-2017-3637</cve>
|
||||
<cve>CVE-2004-0837</cve>
|
||||
<cve>CVE-2016-0653</cve>
|
||||
<cve>CVE-2010-1626</cve>
|
||||
<cve>CVE-2013-3810</cve>
|
||||
<cve>CVE-2015-2643</cve>
|
||||
<cve>CVE-2015-4767</cve>
|
||||
<cve>CVE-2017-3265</cve>
|
||||
<cve>CVE-2009-4019</cve>
|
||||
<cve>CVE-2014-6489</cve>
|
||||
<cve>CVE-2017-3302</cve>
|
||||
<cve>CVE-2012-0087</cve>
|
||||
<cve>CVE-2016-3477</cve>
|
||||
<cve>CVE-2017-3648</cve>
|
||||
<cve>CVE-2012-1697</cve>
|
||||
<cve>CVE-2012-0487</cve>
|
||||
<cve>CVE-2016-0647</cve>
|
||||
<cve>CVE-2015-4815</cve>
|
||||
<cve>CVE-2012-1734</cve>
|
||||
<cve>CVE-2013-3804</cve>
|
||||
<cve>CVE-2013-5807</cve>
|
||||
<cve>CVE-2008-7247</cve>
|
||||
<cve>CVE-2016-5441</cve>
|
||||
<cve>CVE-2007-6303</cve>
|
||||
<cve>CVE-2014-2494</cve>
|
||||
<cve>CVE-2017-3313</cve>
|
||||
<cve>CVE-2013-3795</cve>
|
||||
<cve>CVE-2014-4238</cve>
|
||||
<cve>CVE-2015-4826</cve>
|
||||
<cve>CVE-2016-0658</cve>
|
||||
<cve>CVE-2012-0118</cve>
|
||||
<cve>CVE-2015-0507</cve>
|
||||
<cve>CVE-2015-2648</cve>
|
||||
<cve>CVE-2006-7232</cve>
|
||||
<cve>CVE-2009-5026</cve>
|
||||
<cve>CVE-2017-3462</cve>
|
||||
<cve>CVE-2016-6662</cve>
|
||||
<cve>CVE-2016-2047</cve>
|
||||
<cve>CVE-2006-4227</cve>
|
||||
<cve>CVE-2014-0001</cve>
|
||||
<cve>CVE-2002-1375</cve>
|
||||
<cve>CVE-2015-0498</cve>
|
||||
<cve>CVE-2017-10365</cve>
|
||||
<cve>CVE-2014-0401</cve>
|
||||
<cve>CVE-2013-1544</cve>
|
||||
<cve>CVE-2006-1518</cve>
|
||||
<cve>CVE-2010-3679</cve>
|
||||
<cve>CVE-2012-1756</cve>
|
||||
<cve>CVE-2004-0628</cve>
|
||||
<cve>CVE-2017-10227</cve>
|
||||
<cve>CVE-2010-3837</cve>
|
||||
<cve>CVE-2013-3809</cve>
|
||||
<cve>CVE-2016-5584</cve>
|
||||
<cve>CVE-2008-4456</cve>
|
||||
<cve>CVE-2013-5891</cve>
|
||||
<cve>CVE-2015-4761</cve>
|
||||
<cve>CVE-2013-5770</cve>
|
||||
<cve>CVE-2017-3456</cve>
|
||||
<cve>CVE-2014-2432</cve>
|
||||
<cve>CVE-2015-2566</cve>
|
||||
<cve>CVE-2014-6559</cve>
|
||||
<cve>CVE-2012-0574</cve>
|
||||
<cve>CVE-2014-0412</cve>
|
||||
<cve>CVE-2013-1555</cve>
|
||||
<cve>CVE-2017-3318</cve>
|
||||
<cve>CVE-2015-2620</cve>
|
||||
<cve>CVE-2009-4030</cve>
|
||||
<cve>CVE-2016-8287</cve>
|
||||
<cve>CVE-2016-3471</cve>
|
||||
<cve>CVE-2007-2693</cve>
|
||||
<cve>CVE-2003-0150</cve>
|
||||
<cve>CVE-2012-3173</cve>
|
||||
<cve>CVE-2014-6520</cve>
|
||||
<cve>CVE-2017-10283</cve>
|
||||
<cve>CVE-2017-3467</cve>
|
||||
<cve>CVE-2014-0386</cve>
|
||||
<cve>CVE-2004-0388</cve>
|
||||
<cve>CVE-2004-2149</cve>
|
||||
<cve>CVE-2012-0101</cve>
|
||||
<cve>CVE-2012-5613</cve>
|
||||
<cve>CVE-2013-1566</cve>
|
||||
<cve>CVE-2013-2376</cve>
|
||||
<cve>CVE-2016-5632</cve>
|
||||
<cve>CVE-2016-0503</cve>
|
||||
<cve>CVE-2017-3329</cve>
|
||||
<cve>CVE-2016-0607</cve>
|
||||
<cve>CVE-2015-4913</cve>
|
||||
<cve>CVE-2017-3642</cve>
|
||||
<cve>CVE-2012-3156</cve>
|
||||
<cve>CVE-2015-4772</cve>
|
||||
<cve>CVE-2016-0641</cve>
|
||||
<cve>CVE-2017-10320</cve>
|
||||
<cve>CVE-2014-6494</cve>
|
||||
<cve>CVE-2007-2583</cve>
|
||||
<cve>CVE-2017-3653</cve>
|
||||
<cve>CVE-2012-0492</cve>
|
||||
<cve>CVE-2001-1274</cve>
|
||||
<cve>CVE-2012-0075</cve>
|
||||
<cve>CVE-2012-3167</cve>
|
||||
<cve>CVE-2017-3636</cve>
|
||||
<cve>CVE-2012-0112</cve>
|
||||
<cve>CVE-2013-0367</cve>
|
||||
<cve>CVE-2013-0384</cve>
|
||||
<cve>CVE-2016-0652</cve>
|
||||
<cve>CVE-2012-4414</cve>
|
||||
<cve>CVE-2017-10294</cve>
|
||||
<cve>CVE-2004-0957</cve>
|
||||
<cve>CVE-2004-0836</cve>
|
||||
<cve>CVE-2016-0598</cve>
|
||||
<cve>CVE-2012-1705</cve>
|
||||
<cve>CVE-2017-10314</cve>
|
||||
<cve>CVE-2016-8318</cve>
|
||||
<cve>CVE-2015-4766</cve>
|
||||
<cve>CVE-2016-5626</cve>
|
||||
<cve>CVE-2017-3599</cve>
|
||||
<cve>CVE-2016-5609</cve>
|
||||
<cve>CVE-2014-4260</cve>
|
||||
<cve>CVE-2015-0501</cve>
|
||||
<cve>CVE-2014-4243</cve>
|
||||
<cve>CVE-2013-3783</cve>
|
||||
<cve>CVE-2013-5786</cve>
|
||||
<cve>CVE-2016-0663</cve>
|
||||
<cve>CVE-2012-0540</cve>
|
||||
<cve>CVE-2012-1696</cve>
|
||||
<cve>CVE-2000-0045</cve>
|
||||
<cve>CVE-2006-0369</cve>
|
||||
<cve>CVE-2013-1521</cve>
|
||||
<cve>CVE-2016-3459</cve>
|
||||
<cve>CVE-2012-0486</cve>
|
||||
<cve>CVE-2016-0646</cve>
|
||||
<cve>CVE-2017-3647</cve>
|
||||
<cve>CVE-2017-10167</cve>
|
||||
<cve>CVE-2017-3450</cve>
|
||||
<cve>CVE-2016-5440</cve>
|
||||
<cve>CVE-2015-0382</cve>
|
||||
<cve>CVE-2017-3312</cve>
|
||||
<cve>CVE-2011-2262</cve>
|
||||
<cve>CVE-2013-3794</cve>
|
||||
<cve>CVE-2005-0004</cve>
|
||||
<cve>CVE-2001-1454</cve>
|
||||
<cve>CVE-2013-0389</cve>
|
||||
<cve>CVE-2016-0657</cve>
|
||||
<cve>CVE-2013-1532</cve>
|
||||
<cve>CVE-2002-1921</cve>
|
||||
<cve>CVE-2012-0117</cve>
|
||||
<cve>CVE-2015-0506</cve>
|
||||
<cve>CVE-2017-3258</cve>
|
||||
<cve>CVE-2017-3461</cve>
|
||||
<cve>CVE-2012-3150</cve>
|
||||
<cve>CVE-2003-0073</cve>
|
||||
<cve>CVE-2005-2573</cve>
|
||||
<cve>CVE-2014-6564</cve>
|
||||
<cve>CVE-2006-4226</cve>
|
||||
<cve>CVE-2002-1374</cve>
|
||||
<cve>CVE-2015-4870</cve>
|
||||
<cve>CVE-2005-0711</cve>
|
||||
<cve>CVE-2010-1850</cve>
|
||||
<cve>CVE-2006-1517</cve>
|
||||
<cve>CVE-2010-3678</cve>
|
||||
<cve>CVE-2013-1526</cve>
|
||||
<cve>CVE-2004-0627</cve>
|
||||
<cve>CVE-2016-0705</cve>
|
||||
<cve>CVE-2010-3836</cve>
|
||||
<cve>CVE-2016-3518</cve>
|
||||
<cve>CVE-2013-3808</cve>
|
||||
<cve>CVE-2016-0601</cve>
|
||||
<cve>CVE-2015-4836</cve>
|
||||
<cve>CVE-2015-2571</cve>
|
||||
<cve>CVE-2016-0668</cve>
|
||||
<cve>CVE-2012-5060</cve>
|
||||
<cve>CVE-2015-4819</cve>
|
||||
<cve>CVE-2013-2381</cve>
|
||||
<cve>CVE-2015-2582</cve>
|
||||
<cve>CVE-2017-3455</cve>
|
||||
<cve>CVE-2003-0780</cve>
|
||||
<cve>CVE-2014-2431</cve>
|
||||
<cve>CVE-2003-1331</cve>
|
||||
<cve>CVE-2015-4864</cve>
|
||||
<cve>CVE-2012-3144</cve>
|
||||
<cve>CVE-2017-3317</cve>
|
||||
<cve>CVE-2005-1636</cve>
|
||||
<cve>CVE-2015-0441</cve>
|
||||
<cve>CVE-2001-0407</cve>
|
||||
<cve>CVE-2016-8286</cve>
|
||||
<cve>CVE-2007-2692</cve>
|
||||
<cve>CVE-2003-1480</cve>
|
||||
<cve>CVE-2013-2392</cve>
|
||||
<cve>CVE-2017-3641</cve>
|
||||
<cve>CVE-2016-5631</cve>
|
||||
<cve>CVE-2012-1690</cve>
|
||||
<cve>CVE-2007-5646</cve>
|
||||
<cve>CVE-2013-2375</cve>
|
||||
<cve>CVE-2016-2105</cve>
|
||||
<cve>CVE-2007-5925</cve>
|
||||
<cve>CVE-2012-5612</cve>
|
||||
<cve>CVE-2016-0502</cve>
|
||||
<cve>CVE-2014-2442</cve>
|
||||
<cve>CVE-2015-4858</cve>
|
||||
<cve>CVE-2013-1548</cve>
|
||||
<cve>CVE-2016-0606</cve>
|
||||
<cve>CVE-2015-2576</cve>
|
||||
<cve>CVE-2014-4287</cve>
|
||||
<cve>CVE-2002-0969</cve>
|
||||
<cve>CVE-2016-0640</cve>
|
||||
<cve>CVE-2015-4737</cve>
|
||||
<cve>CVE-2015-4771</cve>
|
||||
<cve>CVE-2016-5439</cve>
|
||||
<cve>CVE-1999-1188</cve>
|
||||
<cve>CVE-2007-5970</cve>
|
||||
<cve>CVE-2014-6530</cve>
|
||||
<cve>CVE-2017-3652</cve>
|
||||
<cve>CVE-2008-3963</cve>
|
||||
<cve>CVE-2013-0383</cve>
|
||||
<cve>CVE-2012-3166</cve>
|
||||
<cve>CVE-2012-0491</cve>
|
||||
<cve>CVE-2014-4214</cve>
|
||||
<cve>CVE-2016-5625</cve>
|
||||
<cve>CVE-2014-0433</cve>
|
||||
<cve>CVE-2012-3149</cve>
|
||||
<cve>CVE-2014-2436</cve>
|
||||
<cve>CVE-2016-3501</cve>
|
||||
<cve>CVE-2012-0578</cve>
|
||||
<cve>CVE-2004-0956</cve>
|
||||
<cve>CVE-2004-0835</cve>
|
||||
<cve>CVE-2014-2419</cve>
|
||||
<cve>CVE-2017-3635</cve>
|
||||
<cve>CVE-2017-10155</cve>
|
||||
<cve>CVE-2015-0500</cve>
|
||||
<cve>CVE-2016-0651</cve>
|
||||
<cve>CVE-2010-1849</cve>
|
||||
<cve>CVE-2017-10313</cve>
|
||||
<cve>CVE-2017-10276</cve>
|
||||
<cve>CVE-2015-4802</cve>
|
||||
<cve>CVE-2015-2641</cve>
|
||||
<cve>CVE-2016-0597</cve>
|
||||
<cve>CVE-2016-3492</cve>
|
||||
<cve>CVE-2007-1420</cve>
|
||||
<cve>CVE-2012-3177</cve>
|
||||
<cve>CVE-2016-0662</cve>
|
||||
<cve>CVE-2017-3646</cve>
|
||||
<cve>CVE-2012-0485</cve>
|
||||
<cve>CVE-2015-0511</cve>
|
||||
<cve>CVE-2014-6507</cve>
|
||||
<cve>CVE-2000-0148</cve>
|
||||
<cve>CVE-2013-3802</cve>
|
||||
<cve>CVE-2014-0427</cve>
|
||||
<cve>CVE-2015-4830</cve>
|
||||
<cve>CVE-2017-3291</cve>
|
||||
<cve>CVE-2015-3194</cve>
|
||||
<cve>CVE-2008-2079</cve>
|
||||
<cve>CVE-2009-4028</cve>
|
||||
<cve>CVE-2016-3486</cve>
|
||||
<cve>CVE-2012-5383</cve>
|
||||
<cve>CVE-2013-3793</cve>
|
||||
<cve>CVE-2012-4452</cve>
|
||||
<cve>CVE-2017-3257</cve>
|
||||
<cve>CVE-2010-3683</cve>
|
||||
<cve>CVE-2001-1453</cve>
|
||||
<cve>CVE-2012-0496</cve>
|
||||
<cve>CVE-2004-0457</cve>
|
||||
<cve>CVE-2013-1531</cve>
|
||||
<cve>CVE-2012-0116</cve>
|
||||
<cve>CVE-2012-1689</cve>
|
||||
<cve>CVE-2016-0639</cve>
|
||||
<cve>CVE-2015-4807</cve>
|
||||
<cve>CVE-2015-0505</cve>
|
||||
<cve>CVE-2016-0656</cve>
|
||||
<cve>CVE-2015-0381</cve>
|
||||
<cve>CVE-2006-4380</cve>
|
||||
<cve>CVE-2017-3460</cve>
|
||||
<cve>CVE-2004-0381</cve>
|
||||
<cve>CVE-2005-2572</cve>
|
||||
<cve>CVE-2002-1373</cve>
|
||||
<cve>CVE-2017-3305</cve>
|
||||
<cve>CVE-2005-0710</cve>
|
||||
<cve>CVE-2016-0667</cve>
|
||||
<cve>CVE-2006-1516</cve>
|
||||
<cve>CVE-2010-3677</cve>
|
||||
<cve>CVE-2016-0546</cve>
|
||||
<cve>CVE-2016-0600</cve>
|
||||
<cve>CVE-2010-3835</cve>
|
||||
<cve>CVE-2013-3807</cve>
|
||||
<cve>CVE-2009-4484</cve>
|
||||
<cve>CVE-2012-3160</cve>
|
||||
<cve>CVE-2017-3454</cve>
|
||||
<cve>CVE-2013-1570</cve>
|
||||
<cve>CVE-2014-2430</cve>
|
||||
<cve>CVE-2016-5444</cve>
|
||||
<cve>CVE-2014-4258</cve>
|
||||
<cve>CVE-2012-0572</cve>
|
||||
<cve>CVE-2012-2750</cve>
|
||||
<cve>CVE-2013-3798</cve>
|
||||
<cve>CVE-2016-0611</cve>
|
||||
<cve>CVE-2016-3424</cve>
|
||||
<cve>CVE-2015-0423</cve>
|
||||
<cve>CVE-2007-2691</cve>
|
||||
<cve>CVE-2013-2391</cve>
|
||||
<cve>CVE-2014-6464</cve>
|
||||
<cve>CVE-2017-3465</cve>
|
||||
<cve>CVE-2013-0371</cve>
|
||||
<cve>CVE-2014-0384</cve>
|
||||
<cve>CVE-2015-2575</cve>
|
||||
<cve>CVE-2014-6568</cve>
|
||||
<cve>CVE-2012-0583</cve>
|
||||
<cve>CVE-2012-2102</cve>
|
||||
<cve>CVE-2012-5611</cve>
|
||||
<cve>CVE-2005-0799</cve>
|
||||
<cve>CVE-2016-5630</cve>
|
||||
<cve>CVE-2006-0903</cve>
|
||||
<cve>CVE-2016-0605</cve>
|
||||
<cve>CVE-2017-3640</cve>
|
||||
<cve>CVE-2016-3452</cve>
|
||||
<cve>CVE-2017-3251</cve>
|
||||
<cve>CVE-2017-3651</cve>
|
||||
<cve>CVE-2012-0490</cve>
|
||||
<cve>CVE-2013-5894</cve>
|
||||
<cve>CVE-2016-0596</cve>
|
||||
<cve>CVE-2017-3634</cve>
|
||||
<cve>CVE-2017-3459</cve>
|
||||
<cve>CVE-2001-1255</cve>
|
||||
<cve>CVE-2014-2435</cve>
|
||||
<cve>CVE-2016-0650</cve>
|
||||
<cve>CVE-2017-10379</cve>
|
||||
<cve>CVE-2016-0616</cve>
|
||||
<cve>CVE-2015-4905</cve>
|
||||
<cve>CVE-2012-1703</cve>
|
||||
<cve>CVE-2005-0709</cve>
|
||||
<cve>CVE-2010-1848</cve>
|
||||
<cve>CVE-2016-5624</cve>
|
||||
<cve>CVE-2002-1809</cve>
|
||||
<cve>CVE-2015-4792</cve>
|
||||
<cve>CVE-2016-8327</cve>
|
||||
<cve>CVE-2016-0661</cve>
|
||||
<cve>CVE-2014-6469</cve>
|
||||
<cve>CVE-2012-0484</cve>
|
||||
<cve>CVE-2017-10286</cve>
|
||||
<cve>CVE-2016-5635</cve>
|
||||
<cve>CVE-2000-0981</cve>
|
||||
<cve>CVE-2014-4207</cve>
|
||||
<cve>CVE-2013-3801</cve>
|
||||
<cve>CVE-2013-1502</cve>
|
||||
<cve>CVE-2015-0439</cve>
|
||||
<cve>CVE-2013-5767</cve>
|
||||
<cve>CVE-2016-3615</cve>
|
||||
<cve>CVE-2012-2749</cve>
|
||||
<cve>CVE-2013-5908</cve>
|
||||
<cve>CVE-2016-0644</cve>
|
||||
<cve>CVE-2015-2617</cve>
|
||||
<cve>CVE-2017-3645</cve>
|
||||
<cve>CVE-2017-10165</cve>
|
||||
<cve>CVE-2015-4879</cve>
|
||||
<cve>CVE-2008-4098</cve>
|
||||
<cve>CVE-2017-3273</cve>
|
||||
<cve>CVE-2014-6551</cve>
|
||||
<cve>CVE-2017-3256</cve>
|
||||
<cve>CVE-2010-3682</cve>
|
||||
<cve>CVE-2012-0495</cve>
|
||||
<cve>CVE-2016-0655</cve>
|
||||
<cve>CVE-2010-3840</cve>
|
||||
<cve>CVE-2016-5629</cve>
|
||||
<cve>CVE-2012-0115</cve>
|
||||
<cve>CVE-2012-1688</cve>
|
||||
<cve>CVE-2014-0437</cve>
|
||||
<cve>CVE-2013-3812</cve>
|
||||
<cve>CVE-2012-5627</cve>
|
||||
<cve>CVE-2017-3639</cve>
|
||||
<cve>CVE-2015-4769</cve>
|
||||
<cve>CVE-2015-0391</cve>
|
||||
<cve>CVE-2013-5860</cve>
|
||||
<cve>CVE-2015-4730</cve>
|
||||
<cve>CVE-2017-3600</cve>
|
||||
<cve>CVE-2015-0374</cve>
|
||||
<cve>CVE-2015-0411</cve>
|
||||
<cve>CVE-2016-0666</cve>
|
||||
<cve>CVE-2010-3676</cve>
|
||||
<cve>CVE-2012-0489</cve>
|
||||
<cve>CVE-2017-3529</cve>
|
||||
<cve>CVE-2010-3834</cve>
|
||||
<cve>CVE-2013-3806</cve>
|
||||
<cve>CVE-2016-8290</cve>
|
||||
<cve>CVE-2016-0649</cve>
|
||||
<cve>CVE-2015-2639</cve>
|
||||
<cve>CVE-2014-4274</cve>
|
||||
<cve>CVE-2017-3453</cve>
|
||||
<cve>CVE-2016-5443</cve>
|
||||
<cve>CVE-2009-2446</cve>
|
||||
<cve>CVE-2015-0385</cve>
|
||||
<cve>CVE-2006-2753</cve>
|
||||
<cve>CVE-2016-3440</cve>
|
||||
<cve>CVE-2013-1552</cve>
|
||||
<cve>CVE-2016-0610</cve>
|
||||
<cve>CVE-2015-4862</cve>
|
||||
<cve>CVE-2015-0405</cve>
|
||||
<cve>CVE-2016-8284</cve>
|
||||
<cve>CVE-2015-4890</cve>
|
||||
<cve>CVE-2014-6463</cve>
|
||||
<cve>CVE-2017-3464</cve>
|
||||
<cve>CVE-2016-6664</cve>
|
||||
<cve>CVE-2014-2440</cve>
|
||||
<cve>CVE-2014-6500</cve>
|
||||
<cve>CVE-2016-5612</cve>
|
||||
<cve>CVE-2017-10384</cve>
|
||||
<cve>CVE-2014-0420</cve>
|
||||
<cve>CVE-2015-4910</cve>
|
||||
<cve>CVE-2013-5882</cve>
|
||||
<cve>CVE-2015-4752</cve>
|
||||
<cve>CVE-2017-3309</cve>
|
||||
<cve>CVE-2016-5437</cve>
|
||||
<cve>CVE-2015-0433</cve>
|
||||
<cve>CVE-2015-2611</cve>
|
||||
<cve>CVE-2010-3839</cve>
|
||||
<cve>CVE-2006-3081</cve>
|
||||
<cve>CVE-2014-6491</cve>
|
||||
<cve>CVE-2014-6474</cve>
|
||||
<cve>CVE-2017-3650</cve>
|
||||
<cve>CVE-2014-2451</cve>
|
||||
<cve>CVE-2016-0595</cve>
|
||||
<cve>CVE-2017-3633</cve>
|
||||
<cve>CVE-2017-3458</cve>
|
||||
<cve>CVE-2014-0431</cve>
|
||||
<cve>CVE-2012-3147</cve>
|
||||
<cve>CVE-2014-2434</cve>
|
||||
<cve>CVE-2015-2568</cve>
|
||||
<cve>CVE-2017-10378</cve>
|
||||
<cve>CVE-2015-4904</cve>
|
||||
<cve>CVE-2015-4800</cve>
|
||||
<cve>CVE-2012-1702</cve>
|
||||
<cve>CVE-2017-10311</cve>
|
||||
<cve>CVE-2013-3839</cve>
|
||||
<cve>CVE-2016-8289</cve>
|
||||
<cve>CVE-2014-4240</cve>
|
||||
<cve>CVE-2015-4791</cve>
|
||||
<cve>CVE-2017-3244</cve>
|
||||
<cve>CVE-2013-2395</cve>
|
||||
<cve>CVE-2015-4895</cve>
|
||||
<cve>CVE-2016-5634</cve>
|
||||
<cve>CVE-2012-0120</cve>
|
||||
<cve>CVE-2013-0375</cve>
|
||||
<cve>CVE-2013-2378</cve>
|
||||
<cve>CVE-2012-3158</cve>
|
||||
<cve>CVE-2014-6505</cve>
|
||||
<cve>CVE-2017-10268</cve>
|
||||
<cve>CVE-2012-5615</cve>
|
||||
<cve>CVE-2016-0505</cve>
|
||||
<cve>CVE-2016-0643</cve>
|
||||
<cve>CVE-2016-3614</cve>
|
||||
<cve>CVE-2015-0438</cve>
|
||||
<cve>CVE-2016-0609</cve>
|
||||
<cve>CVE-2015-4757</cve>
|
||||
<cve>CVE-2017-3644</cve>
|
||||
<cve>CVE-2008-4097</cve>
|
||||
<cve>CVE-2016-7440</cve>
|
||||
<cve>CVE-2014-6496</cve>
|
||||
<cve>CVE-2006-3486</cve>
|
||||
<cve>CVE-2013-1492</cve>
|
||||
<cve>CVE-2015-2661</cve>
|
||||
<cve>CVE-2016-3521</cve>
|
||||
<cve>CVE-2010-3681</cve>
|
||||
<cve>CVE-2017-10296</cve>
|
||||
<cve>CVE-2006-3469</cve>
|
||||
<cve>CVE-2013-2389</cve>
|
||||
<cve>CVE-2012-0494</cve>
|
||||
<cve>CVE-2016-5628</cve>
|
||||
<cve>CVE-2017-3638</cve>
|
||||
<cve>CVE-2012-0114</cve>
|
||||
<cve>CVE-2013-0386</cve>
|
||||
<cve>CVE-2013-1512</cve>
|
||||
<cve>CVE-2016-3588</cve>
|
||||
<cve>CVE-2017-3238</cve>
|
||||
<cve>CVE-2013-3811</cve>
|
||||
<cve>CVE-2016-0654</cve>
|
||||
<cve>CVE-2016-5507</cve>
|
||||
<cve>CVE-2017-10279</cve>
|
||||
<cve>CVE-2015-0503</cve>
|
||||
<cve>CVE-2012-5096</cve>
|
||||
<cve>CVE-2016-3495</cve>
|
||||
<cve>CVE-2017-3320</cve>
|
||||
<cve>CVE-2012-3197</cve>
|
||||
<cve>CVE-2014-2484</cve>
|
||||
<cve>CVE-2008-0226</cve>
|
||||
<cve>CVE-2011-5049</cve>
|
||||
<cve>CVE-2016-0665</cve>
|
||||
<cve>CVE-2017-3649</cve>
|
||||
<cve>CVE-2012-0488</cve>
|
||||
<cve>CVE-2013-1523</cve>
|
||||
<cve>CVE-2016-0648</cve>
|
||||
<cve>CVE-2010-3833</cve>
|
||||
<cve>CVE-2012-1735</cve>
|
||||
<cve>CVE-2013-3805</cve>
|
||||
<cve>CVE-2013-1506</cve>
|
||||
<cve>CVE-2015-4833</cve>
|
||||
<cve>CVE-2015-4816</cve>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #946 - instead of suppressing the whole thing, we will just
|
||||
suppress specific CVE that are for the server
|
||||
]]></notes>
|
||||
<gav regex="true">^postgresql:postgresql:.*$</gav>
|
||||
<cve>CVE-2006-5540</cve>
|
||||
<cve>CVE-2006-5542</cve>
|
||||
<cve>CVE-2007-6600</cve>
|
||||
<cve>CVE-2007-3279</cve>
|
||||
<cve>CVE-2016-5423</cve>
|
||||
<cve>CVE-2005-0244</cve>
|
||||
<cve>CVE-2006-2314</cve>
|
||||
<cve>CVE-2005-0246</cve>
|
||||
<cve>CVE-2005-1410</cve>
|
||||
<cve>CVE-2006-0678</cve>
|
||||
<cve>CVE-2002-0972</cve>
|
||||
<cve>CVE-2005-0227</cve>
|
||||
<cve>CVE-2002-1402</cve>
|
||||
<cve>CVE-2004-0977</cve>
|
||||
<cve>CVE-2013-1899</cve>
|
||||
<cve>CVE-2003-0901</cve>
|
||||
<cve>CVE-2010-0733</cve>
|
||||
<cve>CVE-2010-1447</cve>
|
||||
<cve>CVE-2002-1642</cve>
|
||||
<cve>CVE-2006-0553</cve>
|
||||
<cve>CVE-2002-1400</cve>
|
||||
<cve>CVE-2007-3280</cve>
|
||||
<cve>CVE-2017-7484</cve>
|
||||
<cve>CVE-2009-4034</cve>
|
||||
<cve>CVE-2017-7486</cve>
|
||||
<cve>CVE-2012-3489</cve>
|
||||
<cve>CVE-2009-4136</cve>
|
||||
<cve>CVE-2014-0061</cve>
|
||||
<cve>CVE-2015-5288</cve>
|
||||
<cve>CVE-1999-0862</cve>
|
||||
<cve>CVE-2014-0063</cve>
|
||||
<cve>CVE-2014-0065</cve>
|
||||
<cve>CVE-2007-2138</cve>
|
||||
<cve>CVE-2002-1397</cve>
|
||||
<cve>CVE-2007-0556</cve>
|
||||
<cve>CVE-2002-1399</cve>
|
||||
<cve>CVE-2006-0105</cve>
|
||||
<cve>CVE-2016-0766</cve>
|
||||
<cve>CVE-2010-0442</cve>
|
||||
<cve>CVE-2014-0067</cve>
|
||||
<cve>CVE-2002-1657</cve>
|
||||
<cve>CVE-2017-7548</cve>
|
||||
<cve>CVE-2010-1975</cve>
|
||||
<cve>CVE-2012-0866</cve>
|
||||
<cve>CVE-2012-0868</cve>
|
||||
<cve>CVE-2013-1903</cve>
|
||||
<cve>CVE-2013-1901</cve>
|
||||
<cve>CVE-2016-0768</cve>
|
||||
<cve>CVE-2017-7546</cve>
|
||||
<cve>CVE-2009-3231</cve>
|
||||
<cve>CVE-2016-2193</cve>
|
||||
<cve>CVE-2006-5541</cve>
|
||||
<cve>CVE-2016-3065</cve>
|
||||
<cve>CVE-2007-3278</cve>
|
||||
<cve>CVE-2007-6601</cve>
|
||||
<cve>CVE-2016-5424</cve>
|
||||
<cve>CVE-2006-2313</cve>
|
||||
<cve>CVE-2005-0245</cve>
|
||||
<cve>CVE-2007-4769</cve>
|
||||
<cve>CVE-2005-0247</cve>
|
||||
<cve>CVE-2009-0922</cve>
|
||||
<cve>CVE-2002-1401</cve>
|
||||
<cve>CVE-2012-2655</cve>
|
||||
<cve>CVE-2010-1169</cve>
|
||||
<cve>CVE-2012-3488</cve>
|
||||
<cve>CVE-2010-4015</cve>
|
||||
<cve>CVE-2016-0773</cve>
|
||||
<!--cve>CVE-2017-7485</cve> This affects the client -->
|
||||
<cve>CVE-2007-4772</cve>
|
||||
<cve>CVE-2014-0060</cve>
|
||||
<cve>CVE-2014-0062</cve>
|
||||
<cve>CVE-2010-1170</cve>
|
||||
<cve>CVE-2014-0064</cve>
|
||||
<cve>CVE-2015-3165</cve>
|
||||
<cve>CVE-2009-3229</cve>
|
||||
<cve>CVE-2007-0555</cve>
|
||||
<cve>CVE-2002-1398</cve>
|
||||
<cve>CVE-2000-1199</cve>
|
||||
<cve>CVE-2013-0255</cve>
|
||||
<cve>CVE-2010-3433</cve>
|
||||
<cve>CVE-2014-0066</cve>
|
||||
<cve>CVE-2004-0547</cve>
|
||||
<cve>CVE-2014-2669</cve>
|
||||
<cve>CVE-2013-1900</cve>
|
||||
<cve>CVE-2005-1409</cve>
|
||||
<cve>CVE-2002-0802</cve>
|
||||
<cve>CVE-2013-1902</cve>
|
||||
<cve>CVE-2017-7547</cve>
|
||||
<cve>CVE-2012-0867</cve>
|
||||
<cve>CVE-2012-2143</cve>
|
||||
<!--cve>CVE-2012-1618</cve> this affects the JDBC -->
|
||||
<cve>CVE-2015-5289</cve>
|
||||
<cve>CVE-2009-3230</cve>
|
||||
<cve>CVE-2007-6067</cve>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #947 - instead of suppressing the whole thing, we will just
|
||||
suppress specific CVE that are for the server
|
||||
]]></notes>
|
||||
<gav regex="true">^com\.microsoft\.sqlserver:sqljdbc4:.*$</gav>
|
||||
<cve>CVE-2000-1081</cve>
|
||||
<cve>CVE-2004-1560</cve>
|
||||
<cve>CVE-2000-1083</cve>
|
||||
<cve>CVE-2000-1085</cve>
|
||||
<cve>CVE-2009-2503</cve>
|
||||
<cve>CVE-2000-1087</cve>
|
||||
<cve>CVE-2002-1123</cve>
|
||||
<cve>CVE-2002-0057</cve>
|
||||
<cve>CVE-2009-2501</cve>
|
||||
<cve>CVE-2001-0542</cve>
|
||||
<cve>CVE-2001-0344</cve>
|
||||
<cve>CVE-2000-0654</cve>
|
||||
<cve>CVE-2009-2528</cve>
|
||||
<cve>CVE-2014-1820</cve>
|
||||
<cve>CVE-1999-0999</cve>
|
||||
<cve>CVE-2002-0859</cve>
|
||||
<cve>CVE-2012-2552</cve>
|
||||
<cve>CVE-2016-7249</cve>
|
||||
<cve>CVE-2016-7250</cve>
|
||||
<cve>CVE-2016-7252</cve>
|
||||
<cve>CVE-2014-4061</cve>
|
||||
<cve>CVE-2016-7254</cve>
|
||||
<cve>CVE-2008-0086</cve>
|
||||
<cve>CVE-2008-3013</cve>
|
||||
<cve>CVE-2009-3126</cve>
|
||||
<cve>CVE-2008-3015</cve>
|
||||
<cve>CVE-2008-5416</cve>
|
||||
<cve>CVE-2003-0231</cve>
|
||||
<cve>CVE-2002-0187</cve>
|
||||
<cve>CVE-2008-0106</cve>
|
||||
<cve>CVE-2002-1872</cve>
|
||||
<cve>CVE-2002-0641</cve>
|
||||
<cve>CVE-2002-0224</cve>
|
||||
<cve>CVE-2002-1138</cve>
|
||||
<cve>CVE-2002-0643</cve>
|
||||
<cve>CVE-2000-0202</cve>
|
||||
<cve>CVE-2000-0402</cve>
|
||||
<cve>CVE-2002-0624</cve>
|
||||
<cve>CVE-2002-0645</cve>
|
||||
<cve>CVE-2002-0649</cve>
|
||||
<cve>CVE-2007-4814</cve>
|
||||
<cve>CVE-2007-5090</cve>
|
||||
<cve>CVE-2015-1761</cve>
|
||||
<cve>CVE-2011-1280</cve>
|
||||
<cve>CVE-2017-8516</cve>
|
||||
<cve>CVE-2015-1763</cve>
|
||||
<cve>CVE-2000-1082</cve>
|
||||
<cve>CVE-2009-2500</cve>
|
||||
<cve>CVE-2000-1084</cve>
|
||||
<cve>CVE-2009-2502</cve>
|
||||
<cve>CVE-2000-1086</cve>
|
||||
<cve>CVE-2002-0154</cve>
|
||||
<cve>CVE-2002-1145</cve>
|
||||
<cve>CVE-2000-1088</cve>
|
||||
<cve>CVE-2000-0199</cve>
|
||||
<cve>CVE-2002-0056</cve>
|
||||
<cve>CVE-2012-0158</cve>
|
||||
<cve>CVE-2009-2504</cve>
|
||||
<cve>CVE-2002-0650</cve>
|
||||
<cve>CVE-2002-1981</cve>
|
||||
<cve>CVE-2001-0509</cve>
|
||||
<cve>CVE-2016-7251</cve>
|
||||
<cve>CVE-2016-7253</cve>
|
||||
<cve>CVE-2008-0085</cve>
|
||||
<cve>CVE-2008-3012</cve>
|
||||
<cve>CVE-2008-3014</cve>
|
||||
<cve>CVE-1999-1556</cve>
|
||||
<cve>CVE-2003-0230</cve>
|
||||
<cve>CVE-2002-0186</cve>
|
||||
<cve>CVE-2003-0232</cve>
|
||||
<cve>CVE-2015-1762</cve>
|
||||
<cve>CVE-2008-0107</cve>
|
||||
<cve>CVE-2002-0982</cve>
|
||||
<cve>CVE-2002-1137</cve>
|
||||
<cve>CVE-2002-0642</cve>
|
||||
<cve>CVE-2002-0721</cve>
|
||||
<cve>CVE-2002-0644</cve>
|
||||
<cve>CVE-2000-0485</cve>
|
||||
<cve>CVE-2012-1856</cve>
|
||||
<cve>CVE-2000-0603</cve>
|
||||
<cve>CVE-2001-0879</cve>
|
||||
<cve>CVE-2002-0729</cve>
|
||||
<cve>CVE-2007-5348</cve>
|
||||
<cve>CVE-2008-4110</cve>
|
||||
</suppress>
|
||||
<suppress base="true">
|
||||
<notes><![CDATA[
|
||||
FP per issue #999 - instead of suppressing the whole thing, we will just
|
||||
suppress specific CVE that are for the server
|
||||
]]></notes>
|
||||
<gav regex="true">^org\.mariadb\.jdbc:mariadb-java-client:.*$</gav>
|
||||
<cve>CVE-2016-5440</cve>
|
||||
<cve>CVE-2016-5584</cve>
|
||||
<cve>CVE-2014-6500</cve>
|
||||
<cve>CVE-2016-5444</cve>
|
||||
<cve>CVE-2014-6555</cve>
|
||||
<cve>CVE-2016-0597</cve>
|
||||
<cve>CVE-2016-5625</cve>
|
||||
<cve>CVE-2014-6559</cve>
|
||||
<cve>CVE-2016-0655</cve>
|
||||
<cve>CVE-2016-5627</cve>
|
||||
<cve>CVE-2016-5629</cve>
|
||||
<cve>CVE-2012-5627</cve>
|
||||
<cve>CVE-2016-3492</cve>
|
||||
<cve>CVE-2016-6663</cve>
|
||||
<cve>CVE-2016-3452</cve>
|
||||
<cve>CVE-2016-5630</cve>
|
||||
<cve>CVE-2016-5632</cve>
|
||||
<cve>CVE-2017-3302</cve>
|
||||
<cve>CVE-2016-3477</cve>
|
||||
<cve>CVE-2016-0641</cve>
|
||||
<cve>CVE-2014-6464</cve>
|
||||
<cve>CVE-2012-5611</cve>
|
||||
<cve>CVE-2016-0666</cve>
|
||||
<cve>CVE-2012-5613</cve>
|
||||
<cve>CVE-2016-0668</cve>
|
||||
<cve>CVE-2012-5615</cve>
|
||||
<cve>CVE-2016-0505</cve>
|
||||
<cve>CVE-2016-0649</cve>
|
||||
<cve>CVE-2016-0647</cve>
|
||||
<cve>CVE-2014-6507</cve>
|
||||
<cve>CVE-2016-0609</cve>
|
||||
<cve>CVE-2016-5634</cve>
|
||||
<cve>CVE-2016-0643</cve>
|
||||
<cve>CVE-2016-7440</cve>
|
||||
<cve>CVE-2014-6494</cve>
|
||||
<cve>CVE-2015-3152</cve>
|
||||
<cve>CVE-2014-6496</cve>
|
||||
<cve>CVE-2016-0650</cve>
|
||||
<cve>CVE-2016-0596</cve>
|
||||
<cve>CVE-2016-0598</cve>
|
||||
<cve>CVE-2016-0610</cve>
|
||||
<cve>CVE-2016-5626</cve>
|
||||
<cve>CVE-2012-4414</cve>
|
||||
<cve>CVE-2016-5507</cve>
|
||||
<cve>CVE-2016-5609</cve>
|
||||
<cve>CVE-2016-0616</cve>
|
||||
<cve>CVE-2016-5628</cve>
|
||||
<cve>CVE-2016-3521</cve>
|
||||
<cve>CVE-2016-6662</cve>
|
||||
<cve>CVE-2016-3495</cve>
|
||||
<cve>CVE-2016-6664</cve>
|
||||
<cve>CVE-2016-5631</cve>
|
||||
<cve>CVE-2016-2047</cve>
|
||||
<cve>CVE-2016-5612</cve>
|
||||
<cve>CVE-2016-0640</cve>
|
||||
<cve>CVE-2012-2122</cve>
|
||||
<cve>CVE-2016-3459</cve>
|
||||
<cve>CVE-2012-5612</cve>
|
||||
<cve>CVE-2016-0644</cve>
|
||||
<cve>CVE-2012-5614</cve>
|
||||
<cve>CVE-2014-0001</cve>
|
||||
<cve>CVE-2016-0546</cve>
|
||||
<cve>CVE-2013-1861</cve>
|
||||
<cve>CVE-2016-0600</cve>
|
||||
<cve>CVE-2016-0606</cve>
|
||||
<cve>CVE-2016-0646</cve>
|
||||
<cve>CVE-2016-0608</cve>
|
||||
<cve>CVE-2016-0648</cve>
|
||||
<cve>CVE-2016-3615</cve>
|
||||
<cve>CVE-2016-5635</cve>
|
||||
<cve>CVE-2016-5633</cve>
|
||||
<cve>CVE-2014-6469</cve>
|
||||
<cve>CVE-2014-6491</cve>
|
||||
</suppress>
|
||||
</suppressions>
|
||||
|
||||
@@ -33,7 +33,7 @@ public class DependencyVersionUtilTest extends BaseTest {
|
||||
* Test of parseVersion method, of class DependencyVersionUtil.
|
||||
*/
|
||||
@Test
|
||||
public void testParseVersion() {
|
||||
public void testParseVersion_String() {
|
||||
final String[] fileName = {"something-0.9.5.jar", "lib2-1.1.jar", "lib1.5r4-someflag-R26.jar",
|
||||
"lib-1.2.5-dev-20050313.jar", "testlib_V4.4.0.jar", "lib-core-2.0.0-RC1-SNAPSHOT.jar",
|
||||
"lib-jsp-2.0.1_R114940.jar", "dev-api-2.3.11_R121413.jar", "lib-api-3.7-SNAPSHOT.jar",
|
||||
@@ -59,4 +59,33 @@ public class DependencyVersionUtilTest extends BaseTest {
|
||||
assertNull("Found version in name that should have failed \"" + failingName + "\".", version);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of parseVersion method, of class DependencyVersionUtil.
|
||||
*/
|
||||
@Test
|
||||
public void testParseVersion_String_boolean() {
|
||||
//cpe:/a:playframework:play_framework:2.1.1:rc1-2.9.x-backport
|
||||
String text = "2.1.1.rc1.2.9.x-backport";
|
||||
boolean firstMatchOnly = false;
|
||||
DependencyVersion expResult = null;
|
||||
DependencyVersion result = DependencyVersionUtil.parseVersion(text, firstMatchOnly);
|
||||
assertNull(result);
|
||||
firstMatchOnly = true;
|
||||
expResult = DependencyVersionUtil.parseVersion("2.1.1.rc1");
|
||||
result = DependencyVersionUtil.parseVersion(text, firstMatchOnly);
|
||||
assertEquals(expResult, result);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test of parsePreVersion method, of class DependencyVersionUtil.
|
||||
*/
|
||||
@Test
|
||||
public void testParsePreVersion() {
|
||||
String text = "library-name-1.4.1r2-release.jar";
|
||||
String expResult = "library-name";
|
||||
String result = DependencyVersionUtil.parsePreVersion(text);
|
||||
assertEquals(expResult, result);
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user