Authentication-Results: name.execsw.org; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=fdWE/j4s; dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=LPt4d2zb Received: by mail.netbsd.org (Postfix, from userid 605) id EDB6884D62; Sat, 27 Apr 2024 06:10:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1714198229; bh=oN6Hce0o/Kw+S+lUkZq9vn1IMQd617iqZtyrC88bGic=; h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe; b=fdWE/j4sSW/GnBFnt6YRan3LzJdl5/WG+qBrQfL3eomlBsu/KIY9T2G7GQbnJrvcg +Ak3pRxovQW92AnDpKcI8WJE0sbKDW/OAxDT5qMDNfOjidUP5nvhkd+8W1eMBosCYw ndH+Mw9ArQMw16ICYXGjGZ5bbgggWUDHaKt8SxrE= Received: from localhost (localhost [127.0.0.1]) by mail.netbsd.org (Postfix) with ESMTP id DCAC684CE2 for ; Sat, 27 Apr 2024 06:10:27 +0000 (UTC) X-Virus-Scanned: amavisd-new at netbsd.org Authentication-Results: mail.netbsd.org (amavisd-new); dkim=pass (1024-bit key) header.d=netbsd.org Received: from mail.netbsd.org ([127.0.0.1]) by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025) with ESMTP id ROOfeCMPgfMK for ; Sat, 27 Apr 2024 06:10:27 +0000 (UTC) Received: from cvs.NetBSD.org (ivanova.NetBSD.org [IPv6:2001:470:a085:999:28c:faff:fe03:5984]) by mail.netbsd.org (Postfix) with ESMTP id 4228F84CD9 for ; Sat, 27 Apr 2024 06:10:27 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org; s=20240131; t=1714198227; bh=oN6Hce0o/Kw+S+lUkZq9vn1IMQd617iqZtyrC88bGic=; h=Date:From:Subject:To:Reply-To; b=LPt4d2zbtE7w1vdvThmuVbKe/YpAQ7gH1LMbm9Sf50G6upaJrCFyMNGOWTajjWUPh QP+llWJ7Lv//pCdtGvZLq0Zy9aJjoCkBsP0adsGhTAfoI8RXjQ8PRalVUBPUWIDzn2 oUWwo+VM2AX2z+IAbkViSwxLGZDK0YwviArHCd98= Received: by cvs.NetBSD.org (Postfix, from userid 500) id 2EADFFA2C; Sat, 27 Apr 2024 06:10:27 +0000 (UTC) Content-Transfer-Encoding: 7bit Content-Type: multipart/mixed; boundary="_----------=_171419822739070" MIME-Version: 1.0 Date: Sat, 27 Apr 2024 06:10:27 +0000 From: "Thomas Klausner" Subject: CVS commit: pkgsrc/doc To: pkgsrc-changes@NetBSD.org Reply-To: wiz@netbsd.org X-Mailer: log_accum Message-Id: <20240427061027.2EADFFA2C@cvs.NetBSD.org> Sender: pkgsrc-changes-owner@NetBSD.org List-Id: Precedence: bulk List-Unsubscribe: This is a multi-part message in MIME format. --_----------=_171419822739070 Content-Disposition: inline Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII" Module Name: pkgsrc Committed By: wiz Date: Sat Apr 27 06:10:27 UTC 2024 Modified Files: pkgsrc/doc: pkg-vulnerabilities Log Message: doc: add upper bounds for emacs vulns; remove very unspecific hiawatha hiawatha entry from 2010, and URL doesn't exist any longer To generate a diff of this commit: cvs rdiff -u -r1.180 -r1.181 pkgsrc/doc/pkg-vulnerabilities Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. --_----------=_171419822739070 Content-Disposition: inline Content-Length: 2239 Content-Transfer-Encoding: binary Content-Type: text/x-diff; charset=us-ascii Modified files: Index: pkgsrc/doc/pkg-vulnerabilities diff -u pkgsrc/doc/pkg-vulnerabilities:1.180 pkgsrc/doc/pkg-vulnerabilities:1.181 --- pkgsrc/doc/pkg-vulnerabilities:1.180 Thu Apr 25 15:14:49 2024 +++ pkgsrc/doc/pkg-vulnerabilities Sat Apr 27 06:10:26 2024 @@ -1,4 +1,4 @@ -# $NetBSD: pkg-vulnerabilities,v 1.180 2024/04/25 15:14:49 taca Exp $ +# $NetBSD: pkg-vulnerabilities,v 1.181 2024/04/27 06:10:26 wiz Exp $ # #FORMAT 1.0.0 # @@ -5172,7 +5172,6 @@ py{24,25,26,27,31}-moin<1.9.3nb1 arbitra postfix<2.7.3 command-injection http://www.kb.cert.org/vuls/id/555316 postfix>=2.8.20100000<2.8.20110115 command-injection http://www.kb.cert.org/vuls/id/555316 TeXmacs-[0-9]* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394 -hiawatha-[0-9]* multiple-vulnerabilities http://www.hiawatha-webserver.org/changelog patch<2.7 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651 tiff<3.9.4nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5022 @@ -25099,9 +25098,9 @@ knot<5.6 denial-of-service https://nvd.n jd-gui-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-26235 jd-gui-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2023-26234 glusterfs-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-48340 -emacs-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48339 -emacs-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48338 -emacs-[0-9]* shell-command-injection https://nvd.nist.gov/vuln/detail/CVE-2022-48337 +emacs<29.1 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48339 +emacs<29.1 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48338 +emacs<29.1 shell-command-injection https://nvd.nist.gov/vuln/detail/CVE-2022-48337 zoneminder<1.36.33 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26039 zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26038 zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26037 --_----------=_171419822739070--