
@jlsec-bot

This action searched recent NVD/EUVD changes/publications, checking 529 (+0) advisories from NVD and 470 (+235) from EUVD for advisories that pertain here. It identified 6 advisories as being related to the Julia package(s): OpenSSL_jll, XML2_jll, Openresty_jll, Cares_jll, MbedTLS_jll, and GnuTLS_jll.

1 advisory applies to all registered versions of a package

These advisories had no obvious failures but computed a range without bounds.

  • CVE-2021-43666 for packages: MbedTLS_jll
    • MbedTLS_jll computed ["*"]. Its latest version (2.28.1010+0) has components: {mbedtls = "2.28.10"}
      • arm:mbed_tls at <= 3.0.0 includes all versions

5 advisories found concrete vulnerable ranges

  • CVE-2021-3517 for packages: XML2_jll
    • XML2_jll computed ["< 2.9.12+0"]. Its latest version (2.15.1+0) has components: {libxml2 = "2.15.1"}
  • CVE-2022-2509 for packages: GnuTLS_jll
    • GnuTLS_jll computed ["< 3.7.8+0"]. Its latest version (3.8.4+0) has components: {gnutls = "3.8.4"}
  • CVE-2022-4904 for packages: Cares_jll
    • Cares_jll computed ["< 1.32.2+0"]. Its latest version (1.33.1+0) has components: {c-ares = "1.33.1"}
  • CVE-2023-5363 for packages: OpenSSL_jll
    • OpenSSL_jll computed [">= 3.0.8+0, < 3.0.12+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll has no vulnerable versions; some versions contain vulnerable openssl:openssl. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
  • CVE-2023-5678 for packages: OpenSSL_jll and Openresty_jll
    • OpenSSL_jll computed ["< 3.0.13+0"]. Its latest version (3.5.4+0) has components: {openssl = "3.5.4"}
    • Openresty_jll computed ["< 1.27.1+0"]. Its latest version (1.27.1+0) has components: {openresty = "1.27.1.1", openssl = "3.0.15", pcre = "8.45", zlib = "1.3.1"}
