Changes in Update Released on 20-February-2023
This Update includes the changes described in the following sections.
Issues/Bugs Addressed
The following issues were addressed in the Update:
Updates to OpenSSL Component
Added vulnerability information to the following openSSL components:
-
openssl(id: 58316) - https://www.openssl.org
-
openssl-openssl (id: 416271) - https://github.com/openssl/openssl
-
openssl (id: 27181269) - https://koji.fedoraproject.org/koji/packageinfo?packageID=openssl
Related to Vulnerability CVEs:
-
CVE-2023-0286 (https://nvd.nist.gov/vuln/detail/CVE-2023-0286)
-
CVE-2022-4304 (https://nvd.nist.gov/vuln/detail/CVE-2022-4304)
-
CVE-2023-0215 (https://nvd.nist.gov/vuln/detail/CVE-2023-0215)
-
CVE-2022-4450 (https://nvd.nist.gov/vuln/detail/CVE-2022-4450)
-
CVE-2023-0216 (https://nvd.nist.gov/vuln/detail/CVE-2023-0216)
-
CVE-2023-0217 (https://nvd.nist.gov/vuln/detail/CVE-2023-0217)
-
CVE-2023-0401 (https://nvd.nist.gov/vuln/detail/CVE-2023-0401)
Issue ID Issue Summary SCA-45980 Review and add the license priority for "commercial license" in licenses table
Enhanced License Detection Capability for Components
License detection capability and license evidence mechanism for the following components was updated/added:
-
PostgreSQL
-
psfrag
-
psutils
-
Qhull
-
QPL-1.0
-
Rdisc
-
RSA-MD
-
Saxpath
-
SCEA
New/Update Component Requests
-
krig-parallax
-
inuitcss-generic.normalize
Collector Status
The following table lists Collector Status information.
| Name | Date of Last Successful Run |
|---|---|
| gitlab | 11/19/2022 |
| maven2-ibiblio | 1/18/2023 |
| alpine | 2/8/2023 |
| npm | 1/31/2023 |
| crates | 8/25/2022 |
| cpan | 2/9/2023 |
| clojars | 2/9/2023 |
| rubygems | 2/10/2023 |
| maven-google | 2/10/2023 |
| cran | 2/11/2023 |
| hackage | 2/12/2023 |
| fedora-koji | 2/12/2023 |
| packagist | 2/13/2023 |
| go | 2/14/2023 |
| pypi | 2/15/2023 |
| github | 2/15/2023 |
| nuget gallery | 2/15/2023 |