Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 6F3F984D14 for ; Sun, 24 Dec 2023 12:47:47 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id EL2NE5ggO0yS for ; Sun, 24 Dec 2023 12:47:46 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id D2A5184CD9 for ; Sun, 24 Dec 2023 12:47:46 +0000 (UTC) Received: by cvs.NetBSD.org (Postfix, from userid 500) id BF5C3FA42; Sun, 24 Dec 2023 12:47:46 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1703422066152640" MIME-Version: 1.0 Date: Sun, 24 Dec 2023 12:47:46 +0000 From: "Benny Siegert" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Approved: commit_and_comment Reply-To: bsiegert@netbsd.org X-Mailer: log_accum Message-Id: <20231224124746.BF5C3FA42@cvs.NetBSD.org> This is a multi-part message in MIME format. --_----------=_1703422066152640 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: bsiegert Date: Sun Dec 24 12:47:46 UTC 2023 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: Add vulnerability entries for the recent Go vulns This is for all the ones I found with a quick scan with govulncheck, modulo those that are fixed already. To generate a diff of this commit: cvs rdiff -u -r1.97 -r1.98 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1703422066152640 Content-Disposition: inline Content-Length: 1822 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.97 pkgsrc/doc/pkg-vulnerabilities:1.98 --- pkgsrc/doc/pkg-vulnerabilities:1.97 Sun Dec 24 09:53:03 2023 +++ pkgsrc/doc/pkg-vulnerabilities Sun Dec 24 12:47:46 2023 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.97 2023/12/24 09:53:03 wiz Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.98 2023/12/24 12:47:46 bsiegert Exp $ # #FORMAT 1.0.0 # @@ -25827,3 +25827,18 @@ exim-[0-9]* email-spoofing https://nvd.n nuclei<3.1.3 man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 glow<1.5.1 man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 sendmail-[0-9]* email-spoofing https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-51765 +packer<1.9.5 man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 +ssh-chat-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 +influxdb-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 +lazygit-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 +amfora-[0-9]* infinite-loop https://pkg.go.dev/vuln/GO-2021-0238 +hub-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2021-0061 +nats-server-[0-9]* permissions-checking https://pkg.go.dev/vuln/GO-2022-0386 +obfs4proxy-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 +terraform-provider-aws-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2023-2153 +terraform-provider-aws-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 +authelia-[0-9]* path-traversal https://pkg.go.dev/vuln/GO-2022-0355 +authelia-[0-9]* out-of-bounds-read https://pkg.go.dev/vuln/GO-2021-0113 +apisprout-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2021-0061 +gitea-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 +gitea-[0-9]* improper-rendering https://pkg.go.dev/vuln/GO-2023-1988 --_----------=_1703422066152640--