Add reference link to GHSA-vqf4-7m7x-wgfc.json#8004
Open
0bi0 wants to merge 63 commits into
Open
Conversation
github-actions
Bot
changed the base branch from
main
to
0bi0/advisory-improvement-8004
GHSA-hq3q-62v8-pp48 GHSA-2mpf-m756-hxjm GHSA-5vq9-cj6j-3h3r GHSA-5x25-c2rf-f2jx GHSA-6mfm-98wv-32wm GHSA-792x-6vq6-j8r9 GHSA-8qq9-r6cc-qjv9 GHSA-9wxp-w4px-32vh GHSA-c3qh-j9ww-qf82 GHSA-g5c4-g774-r8rq GHSA-gg9r-wr4p-w63h GHSA-ggg2-9786-hwc8 GHSA-hc7f-qwfj-7fcf GHSA-hw5c-xm3c-v96w GHSA-j8rf-h5jg-xxh6 GHSA-jx2q-67wh-xh52 GHSA-m39w-hqxx-3r48 GHSA-m3jg-hc42-77v3 GHSA-p7qj-2q5w-f9r7 GHSA-phxq-526m-79px GHSA-px92-q6rc-6mwv GHSA-vmg6-wpcq-g357 GHSA-vww4-r7gr-9xvq GHSA-whpp-xv3h-rwxf
GHSA-32mq-hpph-xfvr GHSA-6wxc-8mgq-w26m GHSA-748w-hm6r-qc7v GHSA-7wff-wpr6-vmhm GHSA-9rfg-v8g9-9367 GHSA-c5fp-p67m-gq56 GHSA-cr6r-hmj8-pr7r GHSA-cwpj-h54c-xjpx GHSA-fvhg-p4hf-79x3 GHSA-vhrh-72hq-w8m7 GHSA-vpr4-p6fq-85jc GHSA-32hf-8jw3-v4qq GHSA-5375-pq7m-f5r2 GHSA-9663-mqmp-p9mm GHSA-9gw6-46qc-99vr GHSA-c2gf-v879-257j
GHSA-wx6g-fm6f-w822 GHSA-2rgj-gx5x-f62w GHSA-4f8r-922h-2vgv GHSA-4g75-9r48-jf92 GHSA-533m-3wf6-c33v GHSA-54mc-gghv-4cfj GHSA-f396-4rp4-7v2j GHSA-g6ww-w5j2-r7x3 GHSA-g9f8-wqj9-fjw5 GHSA-hmg2-jjjx-jcp2 GHSA-hpv4-5h6f-wqr3 GHSA-wwx6-x28x-8259 GHSA-xjhv-pp2r-6f82 GHSA-555p-6grf-mh7f GHSA-7w52-7jvm-m9vw GHSA-xrvj-v92f-53gj
GHSA-36fg-ffjj-h5p6 GHSA-r8hv-j9g9-64g6 GHSA-3hgm-7fqq-m4fp GHSA-45c2-g3rg-fwmg GHSA-4r5w-3xv4-56jm GHSA-6qwm-5fm9-cvjx GHSA-6w3v-mcfh-m3q7 GHSA-7jx5-vvgh-vcjw GHSA-g5vm-7gwv-45rj GHSA-gfrh-qj3c-qwrr GHSA-mq42-j95v-p3gq GHSA-p4v4-3mfq-ffjr GHSA-pfx2-jf85-mvf2 GHSA-vvmc-8xvf-rg7j GHSA-wvfv-3qjh-qwxj GHSA-wxmc-rhr3-hx2w
GHSA-436v-8fw5-4mj8 GHSA-49pm-43hf-6xfq GHSA-6m57-8r3p-pqx6 GHSA-78pr-c5x5-jggc GHSA-9g8x-92q2-p28f GHSA-c4cf-2hgv-2qv6 GHSA-g8wj-3cr3-6w7v GHSA-hg3f-28rg-4jxj GHSA-m5q2-4fm3-vfqp GHSA-r9pm-gxmw-wv6p GHSA-5pvg-856g-cp85 GHSA-5x3r-wrvg-rp6q GHSA-5xrh-qmmq-w6ch GHSA-676x-f7gg-47vc GHSA-6jv9-x5w9-2ccm GHSA-c2gf-v879-257j GHSA-cc37-9q2j-3hfv GHSA-cmm3-54f8-px4j GHSA-h2qv-fj59-j46j GHSA-w573-9ffj-6ff9 GHSA-x4gw-5cx5-pgmh GHSA-xmv7-r254-6q78
|
Hi @0bi0, Could you explain how you determined yawkat/lz4-java@d041c28 to be the fix commit? |
Author
|
@JonathanLEvans It seems like I accidentally pushed the wrong commit reference, haha. The correct fix commit is actually |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The advisory currently references the v1.8.1 release tag but is missing the
underlying patch commit. Added the fix commit for CVE-2025-12183:
yawkat/lz4-java@d041c28
This helps downstream readers verify the exact change that resolved the
out-of-bounds memory operations vulnerability.