Tue Oct 10 19:32:45 2023 UTC ()
doc: pkg-vulnerabilities +routinator, +sniproxy, +sofia-sip, +spice-server, +terraform


(tm)
diff -r1.39 -r1.40 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.39 -r1.40 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2023/10/10 19:25:06 1.39
+++ pkgsrc/doc/pkg-vulnerabilities 2023/10/10 19:32:44 1.40
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.39 2023/10/10 19:25:06 tm Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.40 2023/10/10 19:32:44 tm Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25660,13 +25660,19 @@ tiff<4.5.0 denial-of-service https://nvd @@ -25660,13 +25660,19 @@ tiff<4.5.0 denial-of-service https://nvd
25660tiff-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-26965 25660tiff-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-26965
25661tiff>=3.9.0<4.5.1 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-3316 25661tiff>=3.9.0<4.5.1 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-3316
25662tiff<4.5.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-3618 25662tiff<4.5.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-3618
25663tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-40090 25663tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-40090
25664consul>=1.15.0<1.15.3 sensitive-information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-2816 25664consul>=1.15.0<1.15.3 sensitive-information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-2816
25665consul>=1.13.0<1.15.3 sensitive-information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-1297 25665consul>=1.13.0<1.15.3 sensitive-information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-1297
25666consul<1.16.1 sensitive-information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-3518 25666consul<1.16.1 sensitive-information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-3518
25667faad2-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-38858 25667faad2-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-38858
25668faad2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-38857 25668faad2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-38857
25669bitcoin<24.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-33297 25669bitcoin<24.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-33297
25670bitcoin-[0-9]* memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-37192 25670bitcoin-[0-9]* memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-37192
25671gnuplot-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-25969 25671gnuplot-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-25969
25672screen<4.9.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-24626 25672screen<4.9.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-24626
 25673terraform>=1.0.8<1.5.7 overwrite-arbitrary-files https://nvd.nist.gov/vuln/detail/CVE-2023-4782
 25674sniproxy<0.6.1 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25076
 25675spice-server-[0-9]* authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-23793
 25676routinator<0.12.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-39915
 25677routinator>=0.9.0<0.12.2 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2023-39916
 25678sofia-sip<1.13.15 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-32307
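
Review bot: the added `spice-server-[0-9]*` line for CVE-2020-23793 matches every version, so it will flag all installed spice-server packages with no upgrade path to clear it. If a fixed release exists, give it an upper bound the way the `sniproxy<0.6.1` and `sofia-sip<1.13.15` lines do; if not, the wildcard is right, and a later bounded entry can supersede it. Separately, the sofia-sip line uses the type `heap-based-buffer-overflow`, while the context lines for tiff, faad2 and gnuplot use `buffer-overflow`; keeping to one spelling makes it easier to filter audit output by type.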