mirror of
https://github.com/fleetdm/fleet
synced 2026-04-21 13:37:30 +00:00
3ffd64f1da
Run: https://github.com/fleetdm/fleet/actions/runs/24673271270 <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Security** * Added vulnerability assessment documentation for CVE-2026-28390, confirming that bomutils is not affected by this vulnerability. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
32 lines
879 B
JSON
32 lines
879 B
JSON
{
|
|
"@context": "https://openvex.dev/ns/v0.2.0",
|
|
"@id": "https://openvex.dev/docs/public/vex-40bb280a46610256b8838be81c1666ffd343828e62043f457bf3e4b64343fe5e",
|
|
"author": "@lucasmrod",
|
|
"timestamp": "2026-04-20T11:48:55.894935-03:00",
|
|
"version": 1,
|
|
"statements": [
|
|
{
|
|
"vulnerability": {
|
|
"name": "CVE-2026-28390"
|
|
},
|
|
"timestamp": "2026-04-20T11:48:55.894935-03:00",
|
|
"products": [
|
|
{
|
|
"@id": "bomutils"
|
|
},
|
|
{
|
|
"@id": "pkg:deb/debian/libssl3t64"
|
|
},
|
|
{
|
|
"@id": "pkg:deb/debian/openssl"
|
|
},
|
|
{
|
|
"@id": "pkg:deb/debian/openssl-provider-legacy"
|
|
}
|
|
],
|
|
"status": "not_affected",
|
|
"status_notes": "fleetdm/bomutils does not connect to TLS servers using OpenSSL",
|
|
"justification": "vulnerable_code_not_in_execute_path"
|
|
}
|
|
]
|
|
}
|