Wed Oct 4 16:27:27 2023 UTC
doc: django, grub2 vulnerabilities


(wiz)
diff -r1.6 -r1.7 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.6 -r1.7 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2023/10/03 21:46:00 1.6
+++ pkgsrc/doc/pkg-vulnerabilities 2023/10/04 16:27:27 1.7
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.6 2023/10/03 21:46:00 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.7 2023/10/04 16:27:27 wiz Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25304,13 +25304,18 @@ exim-[0-9]* sensitive-information-disclo @@ -25304,13 +25304,18 @@ exim-[0-9]* sensitive-information-disclo
25304exim-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42115 25304exim-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42115
25305exim-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42116 25305exim-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42116
25306exim-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42117 25306exim-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42117
25307libspf2-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42118 25307libspf2-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42118
25308exim-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-42119 25308exim-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-42119
25309gst-plugins1-bad<1.22.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40474 25309gst-plugins1-bad<1.22.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40474
25310gst-plugins1-bad<1.22.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40475 25310gst-plugins1-bad<1.22.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40475
25311gst-plugins1-bad<1.22.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40476 25311gst-plugins1-bad<1.22.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40476
25312libX11<1.8.7 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-43785 25312libX11<1.8.7 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-43785
25313libX11<1.8.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-43786 25313libX11<1.8.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-43786
25314libX11<1.8.7 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-43787 25314libX11<1.8.7 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-43787
25315libXpm<3.5.17 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-43788 25315libXpm<3.5.17 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-43788
25316libXpm<3.5.17 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-43789 25316libXpm<3.5.17 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-43789
 25317py{27,37,38,39,310,311}-django>=3.2<3.2.22 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-43665
 25318py{27,37,38,39,310,311}-django>=4.1<4.1.12 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-43665
 25319py{27,37,38,39,310,311}-django>=4.2<4.2.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-43665
 25320grub2-[0-9]* out-of-bounds https://nvd.nist.gov/vuln/detail/CVE-2023-4692
 25321grub2-[0-9]* out-of-bounds https://nvd.nist.gov/vuln/detail/CVE-2023-4693
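
Review bot: The two grub2 entries at the end of this hunk use the bare type "out-of-bounds", while the libX11 and libXpm entries just above spell out the direction as "out-of-bounds-read"; state for each of CVE-2023-4692 and CVE-2023-4693 whether it is a read or a write so the type field is as specific as its neighbours. Both entries also match "grub2-[0-9]*" with no upper bound, so every installed grub2 stays flagged until the pattern gets a version bound once a fixed release is packaged. For django, the three ranges (">=3.2<3.2.22", ">=4.1<4.1.12", ">=4.2<4.2.6") leave 4.0.x and everything below 3.2 unmatched; if those releases are affected by CVE-2023-43665, installations of them will not be reported.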