Nixpkgs: Vulnerability roundup 85: zoom-1.1.5: 4 advisories [9.8]

Created on 18 Jun 2020 · 9 Comments · Source: NixOS/nixpkgs

*Note this is zoom the game, not zoom-us!

search, files

  • [ ] [CVE-2018-15715](https://nvd.nist.gov/vuln/detail/CVE-2018-15715) CVSSv3=9.8 (nixos-20.03, nixos-unstable)
  • [ ] [CVE-2019-13567](https://nvd.nist.gov/vuln/detail/CVE-2019-13567) CVSSv3=8.8 (nixos-20.03, nixos-unstable)
  • [ ] [CVE-2019-13449](https://nvd.nist.gov/vuln/detail/CVE-2019-13449) CVSSv3=6.5 (nixos-20.03, nixos-unstable)
  • [ ] [CVE-2019-13450](https://nvd.nist.gov/vuln/detail/CVE-2019-13450) CVSSv3=6.5 (nixos-20.03, nixos-unstable)

Scanned versions: nixos-20.03: a84b797b28e; nixos-unstable: 22c98819ccd. May contain false positives.

security

All 9 comments

cc @glittershark

@flokli thanks for the heads up.

Looked at each and it looks like all of these are in a version older than what's in master, which has 5.0.408598.0517.

also both 20.03 and unstable have versions >5.0, so all four of these seem to be false positives

oh also looking at the files linked in the description this appears to be referencing pkgs/games/zoom, which is different from the messaging client zoom-us

Ooops, then sorry for the noise :facepalm:

np! worth having a quick trigger finger on security stuff :smile:

@ckauhaus: this is a false positive, the CVEs are for zoom-us, not for zoom, the game, as the title and linked files suggest.

Thanks for investigating. I'm currently collecting data in to improve on CPE matching https://github.com/flyingcircusio/vulnix/issues/62 and will come up with an improved vulnix.
