Fix wrong data in GHSA-c32m-27pj-4xcj.json

surli · web-flow · commit f1a0224e28f7 · 2025-11-04T10:29:54.000+01:00
The fixed version for module org.xwiki.platform:xwiki-platform-security-requiredrights-default and affect version 16.5.0RC1 wasn't following what's indicated in GHSA-c32m-27pj-4xcj and for some reason is inconsistent with the data provided in other modules of the same file. As a result, this was creating for us a false positive in our automated scanner for CVE since it found the CVE for versions after 16.10.3.
diff --git a/advisories/github-reviewed/2025/06/GHSA-c32m-27pj-4xcj/GHSA-c32m-27pj-4xcj.json b/advisories/github-reviewed/2025/06/GHSA-c32m-27pj-4xcj/GHSA-c32m-27pj-4xcj.json
@@ -161,7 +161,7 @@
               "introduced": "16.5.0-rc-1"
             },
             {
-              "fixed": "17.0.0"
+              "fixed": "16.10.3"
             }
           ]
         }
@@ -302,4 +302,4 @@
     "github_reviewed_at": "2025-06-13T20:38:58Z",
     "nvd_published_at": "2025-06-13T17:15:23Z"
   }
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -161,7 +161,7 @@`
`161`	`161`	`"introduced": "16.5.0-rc-1"`
`162`	`162`	`},`
`163`	`163`	`{`
`164`		`- "fixed": "17.0.0"`
	`164`	`+ "fixed": "16.10.3"`
`165`	`165`	`}`
`166`	`166`	`]`
`167`	`167`	`}`
`@@ -302,4 +302,4 @@`
`302`	`302`	`"github_reviewed_at": "2025-06-13T20:38:58Z",`
`303`	`303`	`"nvd_published_at": "2025-06-13T17:15:23Z"`
`304`	`304`	`}`
`305`		`-}`
	`305`	`+}`