-
-
Notifications
You must be signed in to change notification settings - Fork 16
/
ChangeLog
138 lines (102 loc) · 4.51 KB
/
ChangeLog
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# ChangeLog
## 1.2.1 - May 03 2024
- Added +11 new CVE descriptions
- Updated CVE-2023-6817 detection
- Updated CVE-2021-28950 detection
- Added coccinelle 1.2 support
## 1.2.0 - Feb 15 2024
- Added +98 new CVE descriptions
- Added `--exclude <file>` option to exclude CVE-ids from the file from checks
- Added macOS support (it's possible to run the tool on the system)
- Added multiprocessing support
- Fixed ordering in reports (reproducibility)
## 1.1.0 - Jun 04 2022
- Added +69 new CVE descriptions
- Renamed `--config` option to `--kernel-config`
- Added `--config` option to support config.ini files with default settings
- Added `--metadata` option to support custom path to kernel_cves.json.gz
- Added `CVEHOUND_METADATA` environment to support custom path to
kernel_cves.json.gz
- Added file and line fields to json report
- Fixed kernel sources detection problem for kernels < 2.6.12-rc2
- Renamed CVE-2022-0886 (rejected) to CVE-2022-27666
## 1.0.9 - Apr 04 2022
- Added +43 new CVE descriptions
- Improved CVE-2019-15221 detection
- Fixed CVE-2020-25670 detection
- Fixed CVE-2020-25671 detection
- Added `--exclude` option to drop CVEs from check
- Added `--ignore-files` option to exclude kernel files from check
- Added `--list` options to list all known CVEs
- Improved `--help` output
- Removed strict lscpu dependency
- Fixed a crash when using `--exploit` option and metadata is not available
- Fixed a crash when using `--config` option and CVE is found in an .h file
## 1.0.8 - Nov 02 2021
- Added +52 new CVE descriptions
- Improved CVE-2014-1737 detection
- Improved CVE-2014-1738 detection
## 1.0.7 - Oct 14 2021
- Fixed `cvehound --cve all ...` invocation
- Changed `--report-strict` argument to `--check-strict`
## 1.0.6 - Oct 14 2021
- Restored support for python 3.5
- Fixed `cvehound --cve all ...` argument
- Added minimal coccinelle version to **CVE-2021-38209**, **CVE-2021-3656** rules
- Changed minimal coccinelle version from 1.0.8 to 1.0.7 in **CVE-2020-24490** rule
- Removed minimal coccinelle version for **CVE-2021-0342** rule
- Fixed setup.py by adding `lxml` dependency required for `cvehound_update_metadata`
- Fixed **CVE-2015-4700** false positive with `--all-files`
- Added `--cve [all, assigned, disputed]` modes. Changed default mode from _all_ to _assigned_
- Moved **CVE-2021-3178**, **CVE-2019-12382**, **CVE-2019-12455**, **CVE-2019-19770** to disputed mode
- Fixed coccinelle installation from git in CI
- Added coccinelle 1.0.4 to CI
- Added ChangeLog
## 1.0.5 - Oct 01 2021
- Added section about LICENSE to README.md
- Simplified .grep patterns handling
- Added +40 new CVE descriptions
- Added `--exploit` filter to check only for CVEs known to have exploits (according to FSTEC BDU database)
- Added `cvehound_update_rules` script to fetch detection rules from git without updating a tool
## 1.0.4 - Sep 11 2021
- Added +24 new CVE descriptions
- Fixed installation problem with missing cvehound.kbuildparse package
- Fixed `--all-files` mode
- Removed support for python 3.5
- Added minimal coccinelle versions to **CVE-2021-3587**, **CVE-2021-3347**, **CVE-2020-11884**, **CVE-2018-1108** rules
## 1.0.3 - Jul 14 2021
- Added +50 new CVE descriptions
## 1.0.2 - Mar 12 2021
- Fix `--config` argument check
## 1.0.1 - Mar 12 2021
- Added `--report` option to output json report
## 1.0.0 - Mar 11 2021
- Added +70 new CVE descriptions
- Added `cvehound_update_metadata` script to fetch latest json from linuxkernelcves.com
- Added `--cwe` option to check only specified cwe-ids (classes)
- Added `--files` option to check only specified kernel dirs
- Added `--config` option to infer kernel configs from Makefile/Kbuild files and check kernel .config files
- Changed last metadata update date in output to commit date
- Added **linux-next** to CI
- Added multiple coccinelle versions to CI
- Many small fixes
## 0.2.1 - Jan 12 2021
- Added +40 new CVE descriptions
## 0.2.0 - Jan 02 2021
- Refactored tests
- Added **linux-stable** to CI
- Added metainformation from linuxkernelcves.com
- Fix **CVE-2020-25211** detection on "Fixes" commit
- Changed **CVE-2020-0465** detection
## 0.1.3 - Jan 01 2021
- Added coccinelle 1.0.4, 1.0.5, 1.0.6, 1.0.7 support
- Reworked tests
- Added GitHub actions CI
- Fixed _Files_ tag for **CVE-2019-19448**
- Fixed descriptions for existing rules
## 0.1.2 - Dec 30 2020
- Fixed python's 3.9 dependency
- Added support for python 3.5
## 0.1.1 - Dec 23 2020
- Initial release
- Added 31 CVE descriptions