Fixed problem URLs in gems advisories #940
postmodern left a comment
Noticed some issues.
- I prefer that the canonical URL be to either NVD, or GHSA, or the project's own announcement. Web Archive URLs of old blog posts may go into the related URLs section.
- Some of the blogs moved to different domains and I was able to find the old blog posts.
- One URL is still alive and was mistakenly removed.
| cve: 2015-7519 | ||
| ghsa: fxwv-953p-7qpf | ||
| url: https://blog.phusion.nl/2015/12/07/cve-2015-7519/ | ||
| url: https://web.archive.org/web/20220327073056/https://www.puppet.com/security/cve/passenger-dec-2015-security-fixes |
It's better to link to either NVD or the GHSA advisory as the canonical URL, instead of Web Archive. It's OK to list a Web Archive link in the related URLs.
| cve: 2009-2422 | ||
| ghsa: rxq3-gm4p-5fj4 | ||
| url: http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest | ||
| url: https://github.com/advisories/GHSA-rxq3-gm4p-5fj4 |
The domain of their blog was changed to https://rubyonrails.org.
The URL should be: https://rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
| related: | ||
| url: | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2009-2422 | ||
| - http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest |
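Review bot: the last `related: url:` entry uses plain `http://` and the `weblog.rubyonrails.org` host. The review on this PR states that this blog moved to https://rubyonrails.org and gives the relocated post URL, so this entry should use that https URL; otherwise the advisory keeps a reference to the host the review says was moved away from.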
There was a problem hiding this comment.
| - ">= 1.3.1" | ||
| related: | ||
| url: | ||
| - http://blog.steveklabnik.com/posts/2013-08-03-redis-namespace-1-3-1--security-release |
The blog domain was moved. It should be https://steveklabnik.com/writing/redis-namespace-1-3-1--security-release/
| osvdb: 81505 | ||
| ghsa: 7h48-m3rw-vr27 | ||
| url: https://spreecommerce.com/blog/security-vulnerability-mass-assignment | ||
| url: https://web.archive.org/web/20101128024717/http://spreecommerce.com/blog/2008/09/16/security-vulnerability-mass-assignment-of-order-params |
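Review bot: the two `url:` values in this hunk do not share a path. One is `/blog/security-vulnerability-mass-assignment` and the archived one is `/blog/2008/09/16/security-vulnerability-mass-assignment-of-order-params`, so please confirm the snapshot is the same announcement and say so in the PR description. Since the hunk already carries `ghsa: 7h48-m3rw-vr27`, the canonical `url:` can point at that GHSA entry, with the snapshot listed under `related: url:`.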
The canonical URL should link to either NVD or GHSA. Web Archive links can go in the related URLs section.
| cve: 2013-2506 | ||
| osvdb: 90865 | ||
| url: https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed | ||
| url: https://web.archive.org/web/20160331131233/https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed |
The canonical URL should link to either NVD or GHSA. Web Archive links can go in the related URLs section.
| cve: 2013-2506 | ||
| osvdb: 90865 | ||
| url: https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed | ||
| url: https://web.archive.org/web/20160331131233/https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed |
The canonical URL should link to either NVD or GHSA. Web Archive links can go in the related URLs section.
| osvdb: 90865 | ||
| ghsa: jp57-9j37-5476 | ||
| url: https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed | ||
| url: https://web.archive.org/web/20160331131233/https://spreecommerce.com/blog/multiple-security-vulnerabilities-fixed |
The canonical URL should link to either NVD or GHSA. Web Archive links can go in the related URLs section.
| related: | ||
| url: | ||
| - https://nvd.nist.gov/vuln/detail/CVE-2015-8857 | ||
| - https://github.com/mishoo/UglifyJS/issues/751 |
This URL is still alive. Worth keeping it in the related URLs section.
Change in focus so deleting this PR
Fixed problem URLs in gems advisories. See details below.