Authentication-Results: name.execsw.org; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=IeWC1abZ; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=EENb8gj6 Received: by mail.netbsd.org (Postfix, from userid 605) id 8B94E84EB1; Thu, 25 Apr 2024 15:14:51 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1714058091; bh=WVz/1naGAQNArfYDYRz5zckWz5r8WF/KJwo+6qR8Guk=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=IeWC1abZ0q0YZvbD5LeoLhYqWI8bqvS6a7ykKuM2muVz+xPDCR5CGBQj7L6o6jeTE 9e0OGo2wOCaqN1FnUDIf/clfiENhiLeBL0WAzLHzj3/AQcWrqJXEOqSwCck5lFADWq wQoa1Gp/5HnCuxs+XDK5qC1WXlh9+OkEHtefGMV8= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id 785C984EAF for ; Thu, 25 Apr 2024 15:14:50 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([IPv6:::1]) by localhost (mail.netbsd.org [IPv6:::1]) (amavisd-new, port 10025) with ESMTP id ynMnQBw7rPzf for ; Thu, 25 Apr 2024 15:14:50 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197]) by mail.netbsd.org (Postfix) with ESMTP id B8CCD84D82 for ; Thu, 25 Apr 2024 15:14:49 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1714058090; bh=WVz/1naGAQNArfYDYRz5zckWz5r8WF/KJwo+6qR8Guk=; h=Date:From:Subject:To:Reply-To; b=EENb8gj6mEn2jLDaYfqskY0qjdIoHt3MOyzyc02O2GlH4lbk2hZCVhvG7XV7hT0JR UP1vXWKKeW8+uzDyd1HYYdFyrPRWA/kiZrXCxM28IxxPJKw2tBK+ipPkt1oDLOhxvX KNOrzQoo0yavhAu7fCh5U91mI148CDHlVTf6ui5M= Received: by cvs.NetBSD.org (Postfix, from userid 500) id A9517FA2C; Thu, 25 Apr 2024 15:14:49 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_1714058089150290" MIME-Version: 1.0 Date: Thu, 25 Apr 2024 15:14:49 +0000 From: "Takahiro Kambe" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: taca@netbsd.org X-Mailer: log_accum Message-Id: <20240425151449.A9517FA2C@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_1714058089150290 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: taca Date: Thu Apr 25 15:14:49 UTC 2024 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: doc/pkg-vulnerabilities: add CVE-2024-27282 Add CVE-2024-27282 for ruby31-base, ruby32-base and ruby33. To generate a diff of this commit: cvs rdiff -u -r1.179 -r1.180 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_1714058089150290 Content-Disposition: inline Content-Length: 1180 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.179 pkgsrc/doc/pkg-vulnerabilities:1.180 --- pkgsrc/doc/pkg-vulnerabilities:1.179 Thu Apr 25 07:24:08 2024 +++ pkgsrc/doc/pkg-vulnerabilities Thu Apr 25 15:14:49 2024 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.179 2024/04/25 07:24:08 wiz Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.180 2024/04/25 15:14:49 taca Exp $ # #FORMAT 1.0.0 # @@ -25992,3 +25992,6 @@ php>=7.4<8.0 eol http://ftp.NetBSD.org/ php>=8.0<8.1 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages putty<0.81 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497 filezilla<3.67.0 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497 +ruby31-base>=3.1<3.1.5 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ +ruby32-base>=3.2<3.2.4 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ +ruby33>=3.3<3.3.1 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ --_----------=_1714058089150290--