Authentication-Results: name.execsw.org; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=Rj4tIwsR; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=Xv33wl6V Received: by mail.netbsd.org (Postfix, from userid 605) id 22B8384E57; Fri, 12 Apr 2024 07:28:35 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1712906915; bh=c4G7gkmokH8NXMdd0ZrIM2UusF7Z7manZIynN3Ilmvg=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=Rj4tIwsRL/hTBhmF1dNAjcxMZOoe1oz7k4JHSk+Z+okhTj1QEt45uVPUHLgcqoCIr 783GeGHNAwxxVn67rmw98WuCL1WCHmPpoHcLcnBdA6pIr5DSjlQsWneoUfDKdAlRxa KjgZfoBv7RW8I+2/+3NzvZIViE4Spjgq6OCYI7MU= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 127FE84E54 for ; Fri, 12 Apr 2024 07:28:34 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id tZWOyJGuROI0 for ; Fri, 12 Apr 2024 07:28:33 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 7F0CF84CFC for ; Fri, 12 Apr 2024 07:28:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1712906913; bh=c4G7gkmokH8NXMdd0ZrIM2UusF7Z7manZIynN3Ilmvg=; h=Date:From:Subject:To:Reply-To; b=Xv33wl6VRzXKQqJdt+69smYOCskOgGcjNyAbIMKgMhnIE2TIJUG/JYziiTG9g0+pl VYpl7AEoJSz7AdqX7TZUBD8h3DhylbvcD4csn7IhFaKDaEiI7qUZKCBDhH2lYFwc39 6oukyAuUby65hsJqPOz1Ri3CrMTj7XgPHF7MK+NY= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 7159AFA2C; Fri, 12 Apr 2024 07:28:33 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1712906913136950" MIME-Version: 1.0 Date: Fri, 12 Apr 2024 07:28:33 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20240412072833.7159AFA2C@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1712906913136950 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: wiz Date: Fri Apr 12 07:28:33 UTC 2024 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: doc: add more upper bounds tex-context was fixed in https://github.com/contextgarden/context-mirror/commit/25fcad7435f56cdce2658336909f4da6a65589c0 in 2018, but I'm not sure what version that corresponds to so just mark today's version safe. To generate a diff of this commit: cvs rdiff -u -r1.169 -r1.170 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1712906913136950 Content-Disposition: inline Content-Length: 1354 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.169 pkgsrc/doc/pkg-vulnerabilities:1.170 --- pkgsrc/doc/pkg-vulnerabilities:1.169 Thu Apr 11 06:46:19 2024 +++ pkgsrc/doc/pkg-vulnerabilities Fri Apr 12 07:28:33 2024 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.169 2024/04/11 06:46:19 wiz Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.170 2024/04/12 07:28:33 wiz Exp $ # #FORMAT 1.0.0 # @@ -14074,8 +14074,8 @@ poppler-utils<0.57.0 heap-overflow http poppler<0.60.0 null-dereference https://nvd.nist.gov/vuln/detail/CVE-2017-14975 poppler<0.60.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2017-14976 poppler<0.60.0 null-dereference https://nvd.nist.gov/vuln/detail/CVE-2017-14977 -tex-context-[0-9]* command-injection https://nvd.nist.gov/vuln/detail/CVE-2017-17513 -tex-lualibs-[0-9]* command-injection https://nvd.nist.gov/vuln/detail/CVE-2017-17513 +tex-context<2024 command-injection https://nvd.nist.gov/vuln/detail/CVE-2017-17513 +tex-lualibs<2.61 command-injection https://nvd.nist.gov/vuln/detail/CVE-2017-17513 ruby{22,23,24,25}-rails-[0-9]* sql-injection https://nvd.nist.gov/vuln/detail/CVE-2017-17920 ImageMagick<7.0.7.19 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2017-18008 opencv<3.4.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2017-18009 --_----------=_1712906913136950--