Vulnerability roundup 85: zoom-1.1.5: 4 advisories [9.8]

[ckauhaus]

*Note this is zoom the game, not zoom-us!

search, files

• CVE-2018-15715 CVSSv3=9.8 (nixos-20.03, nixos-unstable)
• CVE-2019-13567 CVSSv3=8.8 (nixos-20.03, nixos-unstable)
• CVE-2019-13449 CVSSv3=6.5 (nixos-20.03, nixos-unstable)
• CVE-2019-13450 CVSSv3=6.5 (nixos-20.03, nixos-unstable)

Scanned versions: nixos-20.03: a84b797; nixos-unstable: 22c9881. May contain false positives.

[flokli]

cc @glittershark

[glittershark]

@flokli thanks for the heads up.

[glittershark]

Looked at each and it looks like all of these are in a version older than what's in master, which has 5.0.408598.0517.

[glittershark]

also both 20.03 and unstable have versions >5.0, so all four of these seem to be false positives

[glittershark]

oh also looking at the files linked in the description this appears to be referencing pkgs/games/zoom, which is different from the messaging client zoom-us

[flokli]

Ooops, then sorry for the noise 🤦

[glittershark]

np! worth having a quick trigger finger on security stuff 😄

[puzzlewolf]

@ckauhaus: this is a false positive, the CVEs are for zoom-us, not for zoom, the game, as the title and linked files suggest.

[ckauhaus]

Thanks for investigating. I'm currently collecting data in to improve on CPE matching nix-community/vulnix#62 and will come up with an improved vulnix.