Received: by mail.netbsd.org (Postfix, from userid 605) id 540EF84E61; Sat, 24 Feb 2024 15:01:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1708786860; bh=bf0Wwz/KbFvfF+rBc9/kkJ4GjNI3kjb8w5RuUQjZ38U=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=kWrWRB2lq1RU/LfWJITuwkr/7E/Sno2wNXGx4Pogp9y+9wzuyQ3JhMZJDbCOwuQnl 72uT7L9jZO3emziM3HBnu3SefJ2b1MD3BLt8JjRAkevo9s2FyZajf5QKjHPmUz5/bp p71Pis3hYnUphU/XUT5xmWbWVK8acwEeLP5vSkUk= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 404CA84D27 for ; Sat, 24 Feb 2024 15:00:59 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id nBS5bAx7BhxI for ; Sat, 24 Feb 2024 15:00:58 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 831E484C13 for ; Sat, 24 Feb 2024 15:00:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1708786858; bh=bf0Wwz/KbFvfF+rBc9/kkJ4GjNI3kjb8w5RuUQjZ38U=; h=Date:From:Subject:To:Reply-To; b=cCLqGoWMs9OPmpfzDvBVFQCcgkCYZb4ajWsrgr3/0Mo03JqbcfajM+l+R2XEXwiMW fnY8i2+XKx8EpTv9ckmkZp3e6Rqi1ehITpnmcHh1ontUNNB/TgOIQCjBE/8IWjRWq2 9VCDal4zWiQLC3db7F9IHURM7EjvEZOqXqd31yXE= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 73E2CF9F4; Sat, 24 Feb 2024 15:00:58 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1708786858293540" MIME-Version: 1.0 Date: Sat, 24 Feb 2024 15:00:58 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20240224150058.73E2CF9F4@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1708786858293540 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Sat Feb 24 15:00:58 UTC 2024 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: doc: add CVE-2024-25126 Add CVE-2024-25126 entries for www/ruby-rack2 and www/ruby-rack. To generate a diff of this commit: cvs rdiff -u -r1.136 -r1.137 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1708786858293540 Content-Disposition: inline Content-Length: 1134 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.136 pkgsrc/doc/pkg-vulnerabilities:1.137 --- pkgsrc/doc/pkg-vulnerabilities:1.136 Fri Feb 23 12:59:46 2024 +++ pkgsrc/doc/pkg-vulnerabilities Sat Feb 24 15:00:58 2024 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.136 2024/02/23 12:59:46 wiz Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.137 2024/02/24 15:00:58 taca Exp $ # #FORMAT 1.0.0 # @@ -25900,3 +25900,5 @@ nss<3.98.0 information-leak https://nvd. py{27,37,38,39,310,311,312}-dns<2.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-29483 py{27,37,38,39,310,311,312}-cryptography<42.0.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2024-26130 libcares<1.27.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-25629 +ruby{27,30,31,32,33}-rack2>=2.0<2.2.8.1 denial-of-service https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 +ruby{27,30,31,32,33}-rack>=3.0<3.0.9.1 denial-of-service https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 --_----------=_1708786858293540--