Update the software list

2 years ago · 72daad21e5
parent 47b41cf46b
commit 72daad21e5
3 changed files with 8 additions and 9 deletions
--- a/SOFTWARE-LIST.md
+++ b/SOFTWARE-LIST.md
@ -558,7 +558,7 @@ NOTE: This file is automatically generated. To submit updates, please refer to
 | Cloudron |  |  |  | Unknown | [link](https://forum.cloudron.io/topic/6153/log4j-and-log4j2-library-vulnerability?lang=en-US) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Clover |  |  |  | Unknown | [link](https://community.clover.com/articles/35868/apache-log4j-vulnerability-cve-2021-44228.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Code42 | Code42 App |  | 8.8.1 | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-22 |
-| Code42 | Crashplan |  | 8.8, possibly prior versions | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | I think, they don't specify in the notice, but we know that they released an updated Crashplan client. Possibly prior versions affected. |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
+| Code42 | Crashplan |  | All | Fixed | [link](https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates) | The CrashPlan app is EOL and is now called Code42.  If you detect CrashPlan installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer. | [https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/) | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2021-12-16 |
 | CodeBeamer |  |  |  | Unknown | [link](https://codebeamer.com/cb/wiki/19872365) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Codesys |  |  |  | Unknown | [link](https://www.codesys.com/news-events/news/article/log4j-not-used-in-codesys.html) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
 | Cohesity |  |  |  | Unknown | [link](https://support.cohesity.com/s/article/Security-Advisory-Apache-Log4j-Remote-Code-Execution-RCE-CVE-2021-44228) |  |  | [cisagov](https://github.com/cisagov/log4j-affected-db) | 2022-01-12 |
--- a/data/cisagov.yml
+++ b/data/cisagov.yml
@ -15904,8 +15904,7 @@ software:
        investigated: true
        affected_versions: []
        fixed_versions:
-          - '8.8'
-          - possibly prior versions
+          - All
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
@ -15919,10 +15918,10 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates
-    notes: I think, they don't specify in the notice, but we know that they released
-      an updated Crashplan client. Possibly prior versions affected.
+    notes: The CrashPlan app is EOL and is now called Code42.  If you detect CrashPlan
+      installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer.
    references:
-      - ''
+      - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)'
    last_updated: '2021-12-16T00:00:00'
  - vendor: CodeBeamer
    product: ''
--- a/data/cisagov_C.yml
+++ b/data/cisagov_C.yml
@ -6438,7 +6438,7 @@ software:
        investigated: true
        affected_versions: []
        fixed_versions:
-          - 'All'
+          - All
        unaffected_versions: []
      cve-2021-45046:
        investigated: false
@ -6452,8 +6452,8 @@ software:
        unaffected_versions: []
    vendor_links:
      - https://success.code42.com/hc/en-us/articles/4416158712343-RELEASE-NOTIFICATION-Code42-Vulnerability-Mitigation-for-CVE-2021-44228-and-other-updates
-    notes: The CrashPlan app is EOL and is now called Code42.  If you detect CrashPlan installed,
-      it is vulnerable. You can update easily to Code42 8.8.1 or newer.
+    notes: The CrashPlan app is EOL and is now called Code42.  If you detect CrashPlan
+      installed, it is vulnerable. You can update easily to Code42 8.8.1 or newer.
    references:
      - '[https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/](https://www.crashplan.com/en-us/business/resources/crashplan-for-small-business-updates-its-desktop-app/)'
    last_updated: '2021-12-16T00:00:00'