Authentication-Results: name.execsw.org; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=nOqvcSPw; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=HRgXvHfs Received: by mail.netbsd.org (Postfix, from userid 605) id 5EDC184E63; Wed, 10 Apr 2024 07:27:02 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1712734022; bh=nJAy3VC/uurqAnvBHBV+LfTjxk2PZ7VkJnH/2gSLQBk=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=nOqvcSPw1+PQBz23EfEzdrQ7dZ/8odKJ7yU5/9ox+VkbwhKAUo7iXk8J0Eof2WFvP kMVGZsTFhcwndzUI/EVu1loTS0ZRTmExptfHlnoU2vyChvyLZR6uWnNvt69wKSO/U5 ihq6bcDC0zcACmQU89NUP+H7yySlJFdVD+2DHg3s= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 503D784DB9 for ; Wed, 10 Apr 2024 07:27:01 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id mkdA5gYMVQ_s for ; Wed, 10 Apr 2024 07:27:00 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 9E37384C13 for ; Wed, 10 Apr 2024 07:27:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1712734020; bh=nJAy3VC/uurqAnvBHBV+LfTjxk2PZ7VkJnH/2gSLQBk=; h=Date:From:Subject:To:Reply-To; b=HRgXvHfsEf+vQd5y9Hgj3qmbyea0fY1qyMy94CCwBXPfy06K77mj/Xwnkb/80VEds VKSPAd3t311/XdI0kRQevqwhhGGpvcyWd4ooy/OsMFa3CWwaNIPbruLVs6hFjjir2l mKaqRWt3aV7EMLj6Avk3r+0bANiH73lW0RFw1gFk= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 957C4FA2C; Wed, 10 Apr 2024 07:27:00 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1712734020277380" MIME-Version: 1.0 Date: Wed, 10 Apr 2024 07:27:00 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20240410072700.957C4FA2C@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1712734020277380 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: wiz Date: Wed Apr 10 07:27:00 UTC 2024 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: doc: add more upper bounds To generate a diff of this commit: cvs rdiff -u -r1.166 -r1.167 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1712734020277380 Content-Disposition: inline Content-Length: 2741 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.166 pkgsrc/doc/pkg-vulnerabilities:1.167 --- pkgsrc/doc/pkg-vulnerabilities:1.166 Mon Apr 8 06:31:39 2024 +++ pkgsrc/doc/pkg-vulnerabilities Wed Apr 10 07:27:00 2024 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.166 2024/04/08 06:31:39 wiz Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.167 2024/04/10 07:27:00 wiz Exp $ # #FORMAT 1.0.0 # @@ -14881,7 +14881,8 @@ awstats-[0-9]* information-disclosure ht binutils<2.31 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2018-8945 zabbix<3.4.1 man-in-the-middle https://nvd.nist.gov/vuln/detail/CVE-2017-2825 nasm<2.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2018-10254 -tiff-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2018-10126 +# reported against tiff, see https://gitlab.com/libtiff/libtiff/-/issues/128 +jpeg<9d null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2018-10126 mupdf<1.14.0 infinite-loop https://nvd.nist.gov/vuln/detail/CVE-2018-10289 curl<7.52.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2016-9586 curl<7.52.1 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2016-9594 @@ -16677,7 +16678,7 @@ ghostscript-gpl-[0-9]* arbitrary-code-ex ghostscript-agpl<9.27 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2019-6116 py27-gnupg<0.4.4 input-validation https://nvd.nist.gov/vuln/detail/CVE-2019-6690 gd<2.3.0 double-free https://nvd.nist.gov/vuln/detail/CVE-2019-6978 -openjpeg-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2019-6988 +openjpeg<2.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2019-6988 zoneminder-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2019-6990 zoneminder-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2019-6991 zoneminder-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2019-6992 @@ -22959,7 +22960,7 @@ cmark-gfm<0.29.0.gfm.3 integer-overflow cacti-[0-9]* authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-0730 py{27,36,37,38,39,310}-twisted<22.2.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-21716 qemu<7.2.0 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2021-3638 -openjpeg-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3575 +openjpeg<2.5.1 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3575 openexr<2.5.4 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-20303 openexr<2.5.4 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-20300 openexr<2.5.4 floating-point-exception https://nvd.nist.gov/vuln/detail/CVE-2021-20302 --_----------=_1712734020277380--