| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.33 2023/10/10 17:24:50 tm Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.34 2023/10/10 17:33:56 tm Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25590,13 +25590,30 @@ go120<1.20.9 arbitrary-code-execution ht | | | @@ -25590,13 +25590,30 @@ go120<1.20.9 arbitrary-code-execution ht |
25590 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44766 | | 25590 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44766 |
25591 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44765 | | 25591 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44765 |
25592 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44762 | | 25592 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44762 |
25593 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44761 | | 25593 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44761 |
25594 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44764 | | 25594 | php{56,73,74,80,81,82}-concrete5-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44764 |
25595 | gradle<7.6.3 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2023-42445 | | 25595 | gradle<7.6.3 xml-external-entity https://nvd.nist.gov/vuln/detail/CVE-2023-42445 |
25596 | py{27,37,38,39,310,311,312}-octoprint<1.9.3 code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-41047 | | 25596 | py{27,37,38,39,310,311,312}-octoprint<1.9.3 code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-41047 |
25597 | php{56,73,74,80,81,82}-piwigo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44393 | | 25597 | php{56,73,74,80,81,82}-piwigo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-44393 |
25598 | asn1c-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-23910 | | 25598 | asn1c-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-23910 |
25599 | asn1c-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-23911 | | 25599 | asn1c-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-23911 |
25600 | yajl-[0-9]* memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-33460 | | 25600 | yajl-[0-9]* memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-33460 |
25601 | zziplib-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18770 | | 25601 | zziplib-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18770 |
25602 | xterm<380 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40359 | | 25602 | xterm<380 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40359 |
| | | 25603 | vim<9.0.1847 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2023-4735 |
| | | 25604 | vim<9.0.1846 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-4734 |
| | | 25605 | vim<9.0.1833 access-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-4736 |
| | | 25606 | vim<9.0.1848 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-4738 |
| | | 25607 | vim<9.0.1331 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-4751 |
| | | 25608 | vim<9.0.1858 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-4752 |
| | | 25609 | vim<9.0.1840 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-4733 |
| | | 25610 | vim<9.0.1857 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-4750 |
| | | 25611 | vim<9.0.1873 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-4781 |
| | | 25612 | tightvnc<2.8.75 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-27830 |
| | | 25613 | unrar<6.2.3 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-48579 |
| | | 25614 | haproxy<2.7.1 information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-0836 |
| | | 25615 | haproxy<2.7.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-25950 |
| | | 25616 | haproxy<2.8.2 request-forgery https://nvd.nist.gov/vuln/detail/CVE-2023-40225 |
| | | 25617 | py{27,37,38,39,310,311,312}-MechanicalSoup<1.3.0 arbitrary-file-read https://nvd.nist.gov/vuln/detail/CVE-2023-34457 |
| | | 25618 | p7zip-[0-9]* out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2022-47069 |
| | | 25619 | p7zip-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-1576 |
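Review bot: The bound in `vim<9.0.1331` (CVE-2023-4751, new line 25607) sits about five hundred patch levels below the other eight vim entries added here, which all fall between 9.0.1833 and 9.0.1873 and carry neighbouring CVE numbers. If that figure is a typo carried over from the advisory, installs between 9.0.1331 and the real fix would not be reported as vulnerable, so it is worth confirming against the upstream fix commit before relying on it. Separately, `haproxy<2.7.1` and `haproxy<2.8.2` (new lines 25614-25616) carry only an upper bound, so they would also match any older-branch release that received a backported fix. If the advisories list per-branch fixed versions, bounded patterns of the form `haproxy>=2.7<2.7.1` would avoid those false positives.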