[ubuntu-hardened] Whitespaces in references URLs

Ronald Bergmann info at black-snow.net
Thu May 9 09:14:25 UTC 2024


Hi,

I noticed that at least for https://ubuntu.com/security/CVE-2022-29217 
there's a whitespace in one of the URLs 
(https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc 
(2.4.0)), rendering it invalid. Not sure if this is the right place to 
report the bug - if not please point me towards it.

I get that the "2.4.0" might be a hint, but it should not be part of the 
actual link (href), since even 
https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc%20(2.4.0) 
is not correct, 
https://github.com/jpadilla/pyjwt/commit/9c528670c455b8d948aff95ed50e22940d1ad3fc 
is.

This affects consumers of those details, who copy-paste them into their 
advisories, and in the end it broke my supply chain monitoring. For 
reference, it affects trivy 
https://github.com/aquasecurity/trivy/discussions/6663

Cheers!

Ronald
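
For tools that ingest these reference lists, one defensive way to handle the two broken forms quoted in the message above. This is an added example, not part of the original message and not code from Ubuntu or trivy; `split_reference`, `clean_references` and the `example.org` sample URLs are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Trailing "(note)" glued to the URL by whitespace or by an already
# percent-encoded space (%20), the two forms quoted in the report.
_TRAILING_NOTE = re.compile(
    r"^(?P<url>\S+?)(?:\s+|(?:%20)+)\((?P<note>[^()]*)\)$")


def split_reference(raw):
    """Return (url, note) for one reference line; note is None if absent.

    Raises ValueError if the remainder is not a usable http(s) URL.
    """
    text, note = raw.strip(), None
    m = _TRAILING_NOTE.match(text)
    if m:
        text, note = m.group("url"), m.group("note")
    if re.search(r"\s", text):
        raise ValueError(f"whitespace inside URL: {raw!r}")
    parts = urlsplit(text)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"not an http(s) URL: {raw!r}")
    return text, note


def clean_references(lines):
    """Split a reference list into (url, note) pairs and rejected lines."""
    ok, rejected = [], []
    for line in lines:
        try:
            ok.append(split_reference(line))
        except ValueError as exc:
            rejected.append(str(exc))
    return ok, rejected


COMMIT = ("https://github.com/jpadilla/pyjwt/commit/"
          "9c528670c455b8d948aff95ed50e22940d1ad3fc")
# Constructed input: the two broken forms from the report plus edge cases.
SAMPLES = [
    COMMIT + " (2.4.0)",
    COMMIT + "%20(2.4.0)",
    COMMIT,
    "https://example.org/wiki/Token_(disambiguation)",  # parens are part of URL
    "https://example.org/a b",                          # stray space, no note
]

if __name__ == "__main__":
    print(clean_references(SAMPLES))
```

Rejected lines are reported rather than silently repaired, so a malformed upstream reference surfaces in monitoring instead of producing a dead link.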
