Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 1832F84D2F for ; Mon, 20 Nov 2023 20:26:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id vmoFxERO_dyN for ; Mon, 20 Nov 2023 20:26:35 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 8615C84CCC for ; Mon, 20 Nov 2023 20:26:35 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id 32B74FA3F; Mon, 20 Nov 2023 20:26:35 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1700511995221550" MIME-Version: 1.0 Date: Mon, 20 Nov 2023 20:26:35 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Approved: commit_and_comment Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20231120202635.32B74FA3F@cvs.NetBSD.org> This is a multi-part message in MIME format. --_----------=_1700511995221550 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: wiz Date: Mon Nov 20 20:26:35 UTC 2023 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: doc: pkg-vulnerabilities: expand gimp, add gnutls To generate a diff of this commit: cvs rdiff -u -r1.69 -r1.70 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1700511995221550 Content-Disposition: inline Content-Length: 1900 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.69 pkgsrc/doc/pkg-vulnerabilities:1.70 --- pkgsrc/doc/pkg-vulnerabilities:1.69 Fri Nov 17 09:49:25 2023 +++ pkgsrc/doc/pkg-vulnerabilities Mon Nov 20 20:26:34 2023 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.69 2023/11/17 09:49:25 wiz Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.70 2023/11/20 20:26:34 wiz Exp $ # #FORMAT 1.0.0 # @@ -25754,7 +25754,10 @@ py{27,38,39,310,311,312}-pip<23.3 comman php{56,73,74,80,81,82}-roundcube<1.6.3 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-5631 exiv2>=0.28<0.28.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2023-44398 ltm<1.2.1 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-36328 -gimp<2.10.36 unknown-impact https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#security-and-bug-fixes +gimp<2.10.36 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-44441 +qimp<2.10.36 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-44442 +gimp<2.10.36 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-44443 +gimp<2.10.36 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-44444 tor<0.4.8.8 unknown-impact https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE tor<0.4.8.9 unknown-impact https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE yt-dlp<2023.11.14 man-in-the-middle-attack https://nvd.nist.gov/vuln/detail/CVE-2023-46121 @@ -25776,3 +25779,4 @@ gst-plugins1-bad<1.22.6 buffer-overflow gst-plugins1-bad<1.22.6 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-44446 vim<9.0.2106 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2021-48231 vim<9.0.2112 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-48237 +gnutls<3.8.2 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2023-5981 --_----------=_1700511995221550--