Received: by mail.netbsd.org (Postfix, from userid 605)
	id 6974184E61; Sat, 24 Feb 2024 15:05:24 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org;
	s=20240131; t=1708787124;
	bh=O1c7JsS7hPdvHg6wrbqPlxUsdH1D8Ji+9YDT7egBQ2g=;
	h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe;
	b=JoEkBe+opcaY0VcZ92XC70V43QAziW9kS8WOe/j/nCbFZd4TBn1PokPx/3MuDfuJx
	 BW2qDNphaHvPAB2WVzPP7abzpSmGtkpXid5zYL3AQYrPiOdHiYU2TOVqWlnTyvjMLn
	 RBS1ksLJjwe1R16f8ASu0baxBVdvGGU00wUAV0kw=
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 5D32C84D27
	for <pkgsrc-changes@NetBSD.org>; Sat, 24 Feb 2024 15:05:23 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=netbsd.org
Received: from mail.netbsd.org ([IPv6:::1])
	by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025)
	with ESMTP id eMOE211PLTcQ for <pkgsrc-changes@netbsd.org>;
	Sat, 24 Feb 2024 15:05:22 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id A664084C13
	for <pkgsrc-changes@NetBSD.org>; Sat, 24 Feb 2024 15:05:22 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org;
	s=20240131; t=1708787122;
	bh=O1c7JsS7hPdvHg6wrbqPlxUsdH1D8Ji+9YDT7egBQ2g=;
	h=Date:From:Subject:To:Reply-To;
	b=YnJOBMb4NOqaLupuim57/PRX57+1vAoQMDPF+0GiOS1TYrwBpTjzbW6RYxkDUGLc+
	 KpQOrnP36lT+8jABjg6G7r3rMtZnI2PVvIe53uxm4bxDc2c5TqMJODnc6tqOW7ECqt
	 N/jXXw3YOZeWa1S3YmWspS7sBdDKeDzcVdvEZL5Q=
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id 9CE69F9F4; Sat, 24 Feb 2024 15:05:22 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_170878712288520"
MIME-Version: 1.0
Date: Sat, 24 Feb 2024 15:05:22 +0000
From: "Takahiro Kambe" <taca@netbsd.org>
Subject: CVS commit: pkgsrc/doc
To: pkgsrc-changes@NetBSD.org
Reply-To: taca@netbsd.org
X-Mailer: log_accum
Message-Id: <20240224150522.9CE69F9F4@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_170878712288520
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	taca
Date:		Sat Feb 24 15:05:22 UTC 2024

Modified Files:
	pkgsrc/doc: pkg-vulnerabilities

Log Message:
doc: add CVE-2024-26144

Add CVE-2024-26144 entries for devel/ruby-activestorage61 and
devel/ruby-activestorage70.


To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.141 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_170878712288520
Content-Disposition: inline
Content-Length: 1335
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.140 pkgsrc/doc/pkg-vulnerabilities:1.141
--- pkgsrc/doc/pkg-vulnerabilities:1.140	Sat Feb 24 15:03:48 2024
+++ pkgsrc/doc/pkg-vulnerabilities	Sat Feb 24 15:05:22 2024
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.140 2024/02/24 15:03:48 taca Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.141 2024/02/24 15:05:22 taca Exp $
 #
 #FORMAT 1.0.0
 #
@@ -25907,3 +25907,5 @@ ruby{27,30,31,32,33}-rack>=3.0<3.0.9.1	d
 ruby{27,30,31}-actionpack71>=7.1<7.1.3.1	denial-of-service	https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946
 ruby{27,30,31,32,33}-actionpack70>=7.0<7.0.8.1	cross-site-scripting	https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
 ruby{27,30,31,32,33}-actionpack71>=7.1<7.1.3.2	cross-site-scripting	https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947
+ruby{27,30,31,32,33}-activestorage61>=6.1<6.1.7.7	information-leak	https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945
+ruby{27,30,31,32,33}-activestorage70>=7.0<7.0.8.1	information-leak	https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945


--_----------=_170878712288520--