Conversation

@jlsec-bot
Contributor

This action searched recent NVD/EUVD changes/publications, checking 853 (+0) advisories from NVD and 1092 (+595) from EUVD for advisories that pertain here. It identified 4 advisories as being related to the Julia package(s): Python_jll, Expat_jll, XML2_jll, SDL2_jll, and Ghostscript_jll.

1 advisory applies to all registered versions of a package

These advisories had no obvious failures but computed a range without bounds.

  • CVE-2022-4743 for packages: SDL2_jll
    • SDL2_jll computed ["*"]. Its latest version (2.32.10+0) has components: {sdl2 = "*", sdl3 = "2.32.10"}
      • libsdl:simple_directmedia_layer at >= 2.0.4, < 2.26.0 includes all versions
      • libsdl:simple_directmedia_layer might mean a different project; it could be one of sdl3 or sdl2

3 advisories found concrete vulnerable ranges

  • CVE-2013-0340 for packages: Python_jll, and Expat_jll
    • Python_jll computed ["< 3.10.7+0"]. Its latest version (3.11.12+0) has components: {"python:idle" = "3.11.12", python = "3.11.12"}
    • Expat_jll computed ["< 2.4.4+0"]. Its latest version (2.7.3+0) has components: {expat = "2.7.3"}
  • CVE-2013-6629 for packages: Ghostscript_jll
    • JpegTurbo_jll has no vulnerable versions; some versions contain vulnerable libjpeg-turbo:libjpeg-turbo. Its latest version (3.1.3+0) has components: {libjpeg-turbo = "3.1.2"}
    • Ghostscript_jll computed ["< 9.55.0+0"]. Its latest version (9.55.1+0) has components: {ghostscript = "9.55.0"}
  • CVE-2024-40896 for packages: XML2_jll
    • XML2_jll computed [">= 2.11.5+0, < 2.13.3+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
