Received: by mail.netbsd.org (Postfix, from userid 605) id 723B484EAC; Sun, 3 Mar 2024 12:55:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1709470551; bh=nNZAGi8QovM5juU8PHPQkAF1Kgoz1O+nhn1iWJMDwlc=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=QxQGvJ1IjP4bSd/Gc2H515OqmojxlRi9q92Usb4FMF1aW5PPA8/v/D+9/maGNCcjq ZPB5mBsmKF7REruNiG/avAKOw4cL12GSyhGK7EJHG1FVssodv651za7a/udTsBs28a PpXY0M8Y3u94ZIccPqXUwkwi6koFRuoK3bRwTOVQ= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 6280384D45 for ; Sun, 3 Mar 2024 12:55:50 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id 9Sf3ljfCmst8 for ; Sun, 3 Mar 2024 12:55:49 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 9F16184CF4 for ; Sun, 3 Mar 2024 12:55:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1709470549; bh=nNZAGi8QovM5juU8PHPQkAF1Kgoz1O+nhn1iWJMDwlc=; h=Date:From:Subject:To:Reply-To; b=TF1RkhVypLyq6BXufoYD+pajlHnGrcnA/Arq7eLyTRymFI6JYC6IudVut9IMU5lW1 nLjWs0TkVRs/Un/7V4bNVhJbmhXFDLghy0XVkB9ZDru7D6APXi9gkI9s7OXTmbXTBe BuzSqkZt0rooEKxx/ZTYDMOvQ/ajVOOmgR8n7Z0s= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 8CF55FA27; Sun, 3 Mar 2024 12:55:49 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_170947054985720" MIME-Version: 1.0 Date: Sun, 3 Mar 2024 12:55:49 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20240303125549.8CF55FA27@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_170947054985720 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: wiz Date: Sun Mar 3 12:55:49 UTC 2024 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: pkg-vulnerabilities: add upper bound for prometheus The current prometheus is not using the vulnerable library any longer, but I can't easily find out when that happened, so mark today's version as fixed. To generate a diff of this commit: cvs rdiff -u -r1.143 -r1.144 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_170947054985720 Content-Disposition: inline Content-Length: 1297 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.143 pkgsrc/doc/pkg-vulnerabilities:1.144 --- pkgsrc/doc/pkg-vulnerabilities:1.143 Tue Feb 27 13:37:50 2024 +++ pkgsrc/doc/pkg-vulnerabilities Sun Mar 3 12:55:49 2024 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.143 2024/02/27 13:37:50 tm Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.144 2024/03/03 12:55:49 wiz Exp $ # #FORMAT 1.0.0 # @@ -21538,7 +21538,7 @@ php{56,72,73,74,80}-nextcloud<21.0.3 inf php{56,72,73,74,80}-nextcloud<21.0.3 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-32680 php{56,72,73,74,80}-nextcloud<21.0.3 remote-security-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-32678 php{56,72,73,74,80}-nextcloud<21.0.3 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-32679 -prometheus-[0-9]* insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538 +prometheus<2.50.1 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538 grafana-[0-9]* insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538 apache-ant<1.9.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-36373 apache-ant>=1.10<1.10.11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-36373 --_----------=_170947054985720--