Tue Oct 10 17:33:57 2023 UTC ()
doc: pkg-vulnerabilities +haproxy, +p7zip, +py-MechanicalSoup, +tightvnc, +unrar, +vim


(tm)
diff -r1.33 -r1.34 pkgsrc/doc/pkg-vulnerabilities


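--- a/pkgsrc/doc/pkg-vulnerabilities
+++ b/pkgsrc/doc/pkg-vulnerabilities
@@ -1,14 +1,14 @@
-# $NetBSD: pkg-vulnerabilities,v 1.33 2023/10/10 17:24:50 tm Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.34 2023/10/10 17:33:56 tm Exp $
 #
 #FORMAT 1.0.0
 #
 # Please read "Handling packages with security problems" in the pkgsrc
 # guide before editing this file.
 #
 # Note: NEVER remove entries from this file; this should document *all*
 # known package vulnerabilities so it is entirely appropriate to have
 # multiple entries in this file for a single package, and to contain
 # entries for packages which have been removed from pkgsrc.
 #
 # New entries should be added at the end of this file.
 #
@@ -25590,13 +25590,30 @@ go120<1.20.9 arbitrary-code-execution ht
 php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44766
 php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44765
 php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44762
 php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44761
 php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44764
 gradle<7.6.3 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2023-42445
 py{27,37,38,39,310,311,312}-octoprint<1.9.3 code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-41047
 php{56,73,74,80,81,82}-piwigo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44393
 asn1c-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-23910
 asn1c-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-23911
 yajl-[0-9]* memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-33460
 zziplib-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18770
 xterm<380 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40359
+vim<9.0.1847 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2023-4735
+vim<9.0.1846 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-4734
+vim<9.0.1833 access-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-4736
+vim<9.0.1848 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-4738
+vim<9.0.1331 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-4751
+vim<9.0.1858 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-4752
+vim<9.0.1840 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-4733
+vim<9.0.1857 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-4750
+vim<9.0.1873 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-4781
+tightvnc<2.8.75 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-27830
+unrar<6.2.3 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-48579
+haproxy<2.7.1 information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-0836
+haproxy<2.7.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-25950
+haproxy<2.8.2 request-forgery https://nvd.nist.gov/vuln/detail/CVE-2023-40225
+py{27,37,38,39,310,311,312}-MechanicalSoup<1.3.0 arbitrary-file-read https://nvd.nist.gov/vuln/detail/CVE-2023-34457
+p7zip-[0-9]* out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2022-47069
+p7zip-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-1576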
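Review bot: The bound on the CVE-2023-4751 entry, `vim<9.0.1331`, sits roughly five hundred patch levels below the other eight vim entries added in the second hunk (9.0.1833 to 9.0.1873), so it should be confirmed against the upstream fix. It may be exactly what the advisory states. If it is a typo, vim builds between 9.0.1331 and the real fixed patch level would not be reported for that CVE by anything that audits installed packages against this file. A smaller point on the two `haproxy<2.7.1` entries: a single upper bound cannot express fixes backported to older maintained branches. That is harmless only if pkgsrc carries a single haproxy branch, which cannot be determined from this page.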