Authentication-Results: name.execsw.org;
	dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=AIXb2U4u;
	dkim=pass (1024-bit key) header.d=netbsd.org header.i=@netbsd.org header.b=xDdRtndX
Received: by mail.netbsd.org (Postfix, from userid 605)
	id 9A19D84F34; Wed, 15 May 2024 07:53:38 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org;
	s=20240131; t=1715759618;
	bh=IdrDDfkROAePc6sll8RVfPu3StQs0arRpLQww5wiwgA=;
	h=Date:From:Subject:To:Reply-To:List-Id:List-Unsubscribe;
	b=AIXb2U4uy1y0Qvzsskg68DaywZZlJKmn2XvITUhZi1XMjBhfhLJqiwrxSVfAWD3st
	 vc6fJxlNtLJ8o8sZDoXzTPzTIiv9kM+tCgGKRfSw3wsTLhnxi+/U0egxyZGRAc3PAG
	 vt8APoOtcTOmcFf0ouMZy8ho408X4TKVV27FC6g4=
Received: from localhost (localhost [127.0.0.1])
	by mail.netbsd.org (Postfix) with ESMTP id 8A40484F19
	for <pkgsrc-changes@NetBSD.org>; Wed, 15 May 2024 07:53:37 +0000 (UTC)
X-Virus-Scanned: amavisd-new at netbsd.org
Authentication-Results: mail.netbsd.org (amavisd-new);
	dkim=pass (1024-bit key) header.d=netbsd.org
Received: from mail.netbsd.org ([127.0.0.1])
	by localhost (mail.netbsd.org [127.0.0.1]) (amavisd-new, port 10025)
	with ESMTP id LsI9p86P2KYh for <pkgsrc-changes@netbsd.org>;
	Wed, 15 May 2024 07:53:36 +0000 (UTC)
Received: from cvs.NetBSD.org (ivanova.netbsd.org [199.233.217.197])
	by mail.netbsd.org (Postfix) with ESMTP id D871784ED2
	for <pkgsrc-changes@NetBSD.org>; Wed, 15 May 2024 07:53:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netbsd.org;
	s=20240131; t=1715759616;
	bh=IdrDDfkROAePc6sll8RVfPu3StQs0arRpLQww5wiwgA=;
	h=Date:From:Subject:To:Reply-To;
	b=xDdRtndXOfBmxk9cVQwJaYYf7lW7Pp3FnDZHZeKkzMJ/geWaBHMkHG7pLXOAS4AE+
	 bqTCJg1+0Wpmw9jMhhE+kvIPm9nVu+IITWubXHE7q3arcYpGexEa4w3gdG4ZaN8m3h
	 tcqnMHLO9jeDWlI8FA3ugmpoJm1X+Q3/RC8WzP1c=
Received: by cvs.NetBSD.org (Postfix, from userid 500)
	id CE4E3FA2C; Wed, 15 May 2024 07:53:36 +0000 (UTC)
Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_171575961622830"
MIME-Version: 1.0
Date: Wed, 15 May 2024 07:53:36 +0000
From: "Thomas Klausner" <wiz@netbsd.org>
Subject: CVS commit: pkgsrc/doc
To: pkgsrc-changes@NetBSD.org
Reply-To: wiz@netbsd.org
X-Mailer: log_accum
Message-Id: <20240515075336.CE4E3FA2C@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: <pkgsrc-changes.NetBSD.org>
Precedence: bulk
List-Unsubscribe: <mailto:majordomo@NetBSD.org?subject=Unsubscribe%20pkgsrc-changes&body=unsubscribe%20pkgsrc-changes>

This is a multi-part message in MIME format.

--_----------=_171575961622830
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:	pkgsrc
Committed By:	wiz
Date:		Wed May 15 07:53:36 UTC 2024

Modified Files:
	pkgsrc/doc: pkg-vulnerabilities

Log Message:
doc: add some upper bounds


To generate a diff of this commit:
cvs rdiff -u -r1.195 -r1.196 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


--_----------=_171575961622830
Content-Disposition: inline
Content-Length: 3645
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.195 pkgsrc/doc/pkg-vulnerabilities:1.196
--- pkgsrc/doc/pkg-vulnerabilities:1.195	Tue May 14 23:06:15 2024
+++ pkgsrc/doc/pkg-vulnerabilities	Wed May 15 07:53:36 2024
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.195 2024/05/14 23:06:15 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.196 2024/05/15 07:53:36 wiz Exp $
 #
 #FORMAT 1.0.0
 #
@@ -17102,7 +17102,7 @@ python36<3.6.9		restriction-bypass	https
 python37<3.7.4		restriction-bypass	https://nvd.nist.gov/vuln/detail/CVE-2019-9948
 ImageMagick6<6.9.10.35	stack-overflow		https://nvd.nist.gov/vuln/detail/CVE-2019-9956
 ImageMagick<7.0.8.35	stack-overflow		https://nvd.nist.gov/vuln/detail/CVE-2019-9956
-gitea-[0-9]*	server-side-request-forgery	https://nvd.nist.gov/vuln/detail/CVE-2018-15192
+gitea<1.16.0	server-side-request-forgery	https://nvd.nist.gov/vuln/detail/CVE-2018-15192
 ap24-auth-mellon<0.14.2	open-redirect		https://nvd.nist.gov/vuln/detail/CVE-2019-3877
 ap24-auth-mellon<0.14.2	authentication-bypass	https://nvd.nist.gov/vuln/detail/CVE-2019-3878
 xpdf-[0-9]*	floating-point-exception	https://nvd.nist.gov/vuln/detail/CVE-2019-10018
@@ -19461,9 +19461,7 @@ wordpress<5.4.2	authentication-bypass	ht
 upx<3.96	integer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2019-20805
 sane-backends<1.0.30	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-12867
 py{27,36,37,38}-rsa<4.1	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-13757
-grafana-[0-9]*	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2018-18624
-grafana-[0-9]*	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2018-18625
-grafana-[0-9]*	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2018-18623
+grafana<6.0.0	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2018-18623
 libvirt>=3.10.0<6.0.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-10703
 mediawiki<1.35	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2020-10959
 qemu<4.2.0	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2020-13659
@@ -20008,7 +20006,7 @@ mediawiki<1.34.4	cross-site-scripting	ht
 mediawiki<1.34.4	invalid-validation	https://nvd.nist.gov/vuln/detail/CVE-2020-26121
 py{27,36,37,38}-rpyc>=4.1.0<4.1.2	arbitrary-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2019-16328
 py{27,36,37,38}-djangorestframework<3.12.0	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2020-25626
-grafana-[0-9]*		signature-forgery	https://nvd.nist.gov/vuln/detail/CVE-2020-15216
+grafana<8.3.1		signature-forgery	https://nvd.nist.gov/vuln/detail/CVE-2020-15216
 vault>=1.5.0<1.5.4	access-bypass		https://nvd.nist.gov/vuln/detail/CVE-2020-25816
 vault>=1.4.0<1.4.7	access-bypass		https://nvd.nist.gov/vuln/detail/CVE-2020-25816
 mantis<2.24.3		cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2020-25288
@@ -24921,7 +24919,7 @@ lepton-[0-9]*	unspecified	https://nvd.ni
 binutils<2.40	out-of-bounds-write	https://nvd.nist.gov/vuln/detail/CVE-2022-38533
 binutils<2.40	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2022-4285
 awstats>=7<7.9	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2022-46391
-assimp-[0-9]*	use-after-free	https://nvd.nist.gov/vuln/detail/CVE-2022-45748
+assimp<5.4.0	use-after-free	https://nvd.nist.gov/vuln/detail/CVE-2022-45748
 knot<5.5.3	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-40188
 freeciv>=2.6.7<3.0.3	buffer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2022-39047
 modular-xorg-server<21.1.4	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2022-2319


--_----------=_171575961622830--