From 5259523cde6123c2213bcde601fd33a05cae4797 Mon Sep 17 00:00:00 2001 From: inl-ics <96266975+inl-ics@users.noreply.github.com> Date: Fri, 21 Jan 2022 09:37:30 -0700 Subject: [PATCH 1/2] Update cisagov_W.yml Updated Wind River product information. --- data/cisagov_W.yml | 257 +++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 246 insertions(+), 11 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index f8b1dae..158e9ee 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -210,35 +210,270 @@ software: references: - '' last_updated: '2021-12-22T00:00:00' - - vendor: WindRiver - product: '' + - vendor: Wind River + product: WRL-6 cves: cve-2021-4104: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-44228: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45046: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' cve-2021-45105: - investigated: false + investigated: true affected_versions: [] fixed_versions: [] - unaffected_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-7 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-8 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: WRL-9 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 notes: '' references: - '' - last_updated: '2022-01-12T07:18:56+00:00' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS17 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS18 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS19 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' + - vendor: Wind River + product: LTS21 + cves: + cve-2021-4104: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-44228: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45046: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + cve-2021-45105: + investigated: true + affected_versions: [] + fixed_versions: [] + unaffected_versions: + - 'All' + vendor_links: + - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 + notes: '' + references: + - '' + last_updated: '2022-01-21T00:00:00' - vendor: WireShark product: '' cves: From 4b2427464835a2d72dbdd3a376dbce07f42e71dd Mon Sep 17 00:00:00 2001 From: justmurphy <96064251+justmurphy@users.noreply.github.com> Date: Tue, 25 Jan 2022 14:48:05 -0500 Subject: [PATCH 2/2] Fix line length --- data/cisagov_W.yml | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/data/cisagov_W.yml b/data/cisagov_W.yml index 158e9ee..31996e3 100644 --- a/data/cisagov_W.yml +++ b/data/cisagov_W.yml @@ -239,7 +239,9 @@ software: - 'All' vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender + components, however, JMSAppender is deactivated in the release package and not affected by + CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00' @@ -272,7 +274,9 @@ software: - 'All' vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender + components, however, JMSAppender is deactivated in the release package and not affected by + CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00' @@ -305,7 +309,9 @@ software: - 'All' vendor_links: - https://support2.windriver.com/index.php?page=security-notices&on=view&id=7191 - notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender components, however, JMSAppender is deactivated in the release package and not affected by CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. + notes: The Wind River Linux Product Versions 8.0 and prior contains the log4j1.2 and JMSAppender + components, however, JMSAppender is deactivated in the release package and not affected by + CVE-2021-4104 customers are advised to NOT manually activate the JMSAppender component. references: - '' last_updated: '2022-01-21T00:00:00'