Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 76B4384D0E for ; Mon, 16 Oct 2023 10:28:52 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id YH2zW358xxhO for ; Mon, 16 Oct 2023 10:28:52 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id C1A2084CFE for ; Mon, 16 Oct 2023 10:28:51 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id BB267FADC; Mon, 16 Oct 2023 10:28:51 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1697452131260650" MIME-Version: 1.0 Date: Mon, 16 Oct 2023 10:28:51 +0000 From: "Havard Eidnes" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Approved: commit_and_comment Reply-To: he@netbsd.org X-Mailer: log_accum Message-Id: <20231016102851.BB267FADC@cvs.NetBSD.org> This is a multi-part message in MIME format. --_----------=_1697452131260650 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: he Date: Mon Oct 16 10:28:51 UTC 2023 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: Fix pattern for protobuf-c CVE-2022-33070 (applies to <=1.4.0). To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1697452131260650 Content-Disposition: inline Content-Length: 1246 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.47 pkgsrc/doc/pkg-vulnerabilities:1.48 --- pkgsrc/doc/pkg-vulnerabilities:1.47 Sat Oct 14 09:40:47 2023 +++ pkgsrc/doc/pkg-vulnerabilities Mon Oct 16 10:28:51 2023 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.47 2023/10/14 09:40:47 wiz Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.48 2023/10/16 10:28:51 he Exp $ # #FORMAT 1.0.0 # @@ -23595,7 +23595,7 @@ php{56,74,80,81}-piwigo<2.10.0 sql-injec php{56,74,80,81}-piwigo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2021-40678 pidgin<2.14.9 man-in-the-middle-attack https://nvd.nist.gov/vuln/detail/CVE-2022-26491 poppler<22.04.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-27337 -protobuf-c-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33070 +protobuf-c<=1.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33070 py{27,36,37,38,39,310}-JWT<2.4.0 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-29217 py{27,36,37,38,39,310}-Pillow<9.1.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30595 py{27,36,37,38,39,310}-aiohttp-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33124 --_----------=_1697452131260650--