Separate "unaffected_versions" and "patched_versions"

Taking a cue from RubySec, this splits the original "versions" attribute into
separate ones for versions which were never vulnerable, and ones which include
an explicit fix for a vulnerability.
Tony Arcieri
2017-02-25 15:35:43 -08:00
parent 520426b0f8
commit c28b7ceb38

@@ -13,7 +13,12 @@ Each advisory contains information in [TOML] format:
```toml
[vulnerability]
package = "mypackage"
versions = ["1.2.0", "1.2.3", "1.2.4", "1.2.5"]
# Versions which were never vulnerable
unaffected_versions = ["< 1.1.0"]
# Versions which include fixes for this vulnerability
patched_versions = [">= 1.2.0"]
# It is strongly recommended to request a CVE, or alternatively a DWF, and
# reference the assigned number here.
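Review bot: The README hunk should document the syntax of the new `unaffected_versions` and `patched_versions` entries and what a version matching neither list means, because the example switches from an explicit list (`versions = ["1.2.0", "1.2.3", "1.2.4", "1.2.5"]`) to range requirements (`unaffected_versions = ["< 1.1.0"]`, `patched_versions = [">= 1.2.0"]`) without saying which requirement grammar is accepted. As written, the example leaves every version from 1.1.0 up to but excluding 1.2.0 in neither list; a sentence stating that such versions are to be treated as affected (and how tooling should resolve a version that matches both lists) would remove the ambiguity for anyone writing or consuming an advisory.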