kiosk-guestbook

tmdinosaurcenter/kiosk-guestbook

Fork 0

mirror of https://github.com/tmdinosaurcenter/kiosk-guestbook.git synced 2026-06-03 21:37:51 -06:00

Commit Graph

Author	SHA1	Message	Date
steve	613a9dc590	ci: ignore CVE-2026-4878 and CVE-2026-33845 (no fix available) Both CVEs affect Debian 13 base image packages with no fixed version: - CVE-2026-4878: libcap2 privilege escalation via TOCTOU race in cap_set_file() - CVE-2026-33845: libgnutls30t64 DoS via DTLS zero-length fragment	2026-05-03 16:21:24 -06:00
steve	c371b9a04f	ci: suppress 3 unfixed Debian CVEs via .trivyignore CVE-2025-69720 (ncurses), CVE-2026-27135 (nghttp2), and CVE-2026-29111 (systemd) have no upstream fix available. .trivyignore suppresses them so Trivy can still gate on all other CRITICAL/HIGH findings without relying on the coarser ignore-unfixed flag in the workflow.	2026-05-03 09:35:38 -06:00

Author

SHA1

Message

Date

steve

613a9dc590

ci: ignore CVE-2026-4878 and CVE-2026-33845 (no fix available)

Both CVEs affect Debian 13 base image packages with no fixed version:
- CVE-2026-4878: libcap2 privilege escalation via TOCTOU race in cap_set_file()
- CVE-2026-33845: libgnutls30t64 DoS via DTLS zero-length fragment

2026-05-03 16:21:24 -06:00

steve

c371b9a04f

ci: suppress 3 unfixed Debian CVEs via .trivyignore

CVE-2025-69720 (ncurses), CVE-2026-27135 (nghttp2), and CVE-2026-29111
(systemd) have no upstream fix available. .trivyignore suppresses them
so Trivy can still gate on all other CRITICAL/HIGH findings without
relying on the coarser ignore-unfixed flag in the workflow.

2026-05-03 09:35:38 -06:00

2 Commits