Authentication-Results: name.execsw.org; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=TxZ5jKDO; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=VA9bcYxl Received: by mail.netbsd.org (Postfix, from userid 605) id B61DB84E84; Sat, 13 Apr 2024 03:10:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1712977837; bh=BzWcKUkDpY0iSH4ulZ+eTBGlN4RFo8NPOnhfFsVsGkA=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=TxZ5jKDOldrKVZxHwM9MNcP2CKZTtgsg4LaRggc0kqgK52Q2w98j0ZqoWs+P2YG+1 8DgbBZIob91j3WE89I7aPaf51Z8cQJ8BLXWIBSWDxUHVk2h7Os/0UsUo0NSgyAwKaj AYxZO8ksr9yuTHheAel/dQ0oykqWpO7pY6xyOYTI= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id A747A84E19 for ; Sat, 13 Apr 2024 03:10:36 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id G--6pt_ERnRm for ; Sat, 13 Apr 2024 03:10:36 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id 2028484D08 for ; Sat, 13 Apr 2024 03:10:36 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1712977836; bh=BzWcKUkDpY0iSH4ulZ+eTBGlN4RFo8NPOnhfFsVsGkA=; h=Date:From:Subject:To:Reply-To; b=VA9bcYxl7r68yTSoZqNqD7WLt0CIiBpVPlPSpZ5UuNfyTsLKaQ7LQb7ourR6+BRR8 /DxBgPzHs6V5x9Sb07JFYKv11c6LoeIjTCv51vW+f8+d91fTkZi7pvoBVXbuF1t0OB i1q/SZFi4Hr6Mmd3+glLkd+Xy3QzLj5Jlh5QiGpE= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 16F7BFA2C; Sat, 13 Apr 2024 03:10:36 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1712977836165410" MIME-Version: 1.0 Date: Sat, 13 Apr 2024 03:10:36 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20240413031036.16F7BFA2C@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1712977836165410 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Sat Apr 13 03:10:35 UTC 2024 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: doc/pkg-vulnerabilities: add several php{80,81,82} entries CVE-2024-1874 https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 CVE-2024-2756 https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 CVE-2024-3096 https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr To generate a diff of this commit: cvs rdiff -u -r1.170 -r1.171 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1712977836165410 Content-Disposition: inline Content-Length: 1733 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.170 pkgsrc/doc/pkg-vulnerabilities:1.171 --- pkgsrc/doc/pkg-vulnerabilities:1.170 Fri Apr 12 07:28:33 2024 +++ pkgsrc/doc/pkg-vulnerabilities Sat Apr 13 03:10:35 2024 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.170 2024/04/12 07:28:33 wiz Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.171 2024/04/13 03:10:35 taca Exp $ # #FORMAT 1.0.0 # @@ -25981,3 +25981,12 @@ php{80,81,82}-concrete-cms<9.2.8 cross-s php{80,81,82}-concrete-cms<9.2.8 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-3180 php{80,81,82}-concrete-cms<9.2.8 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-3181 p5-HTTP-Body<1.23 shell-escape https://nvd.nist.gov/vuln/detail/CVE-2013-4407 +php81<8.1.28 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 +php81>=8.1.11<8.1.28 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 +php81<8.1.28 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr +php82<8.2.18 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 +php82<8.2.18 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 +php82<8.2.18 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr +php83<8.3.5 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 +php83<8.3.5 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 +php83<8.3.5 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr --_----------=_1712977836165410--