| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.49 2023/10/17 11:44:02 prlw1 Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.50 2023/10/19 08:56:37 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25730,13 +25730,17 @@ libdwarf<0.3.4 out-of-bounds-read https: | | | @@ -25730,13 +25730,17 @@ libdwarf<0.3.4 out-of-bounds-read https: |
25730 | libdwarf<0.3.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-28163 | | 25730 | libdwarf<0.3.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-28163 |
25731 | kilo-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-20335 | | 25731 | kilo-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-20335 |
25732 | h2o-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-30847 | | 25732 | h2o-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-30847 |
25733 | atasm-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-34123 | | 25733 | atasm-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-34123 |
25734 | KeePass>=2.00<2.54 memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-32784 | | 25734 | KeePass>=2.00<2.54 memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-32784 |
25735 | curl>=7.69.0<8.4.0 heap-based-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-38545 | | 25735 | curl>=7.69.0<8.4.0 heap-based-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-38545 |
25736 | curl>=7.9.1<8.4.0 external-control-of-file-name-or-path https://nvd.nist.gov/vuln/detail/CVE-2023-38546 | | 25736 | curl>=7.9.1<8.4.0 external-control-of-file-name-or-path https://nvd.nist.gov/vuln/detail/CVE-2023-38546 |
25737 | samba4>=4.17<4.17.12 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-3961 | | 25737 | samba4>=4.17<4.17.12 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-3961 |
25738 | samba4>=4.18<4.18.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-3961 | | 25738 | samba4>=4.18<4.18.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-3961 |
25739 | samba4>=4.17<4.17.12 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-42669 | | 25739 | samba4>=4.17<4.17.12 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-42669 |
25740 | samba4>=4.18<4.18.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-42669 | | 25740 | samba4>=4.18<4.18.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-42669 |
25741 | samba4>=4.17<4.17.12 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-42670 | | 25741 | samba4>=4.17<4.17.12 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-42670 |
25742 | samba4>=4.18<4.18.8 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-42670 | | 25742 | samba4>=4.18<4.18.8 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-42670 |
| | | 25743 | # unclear, see https://github.com/apache/httpd-site/pull/10 |
| | | 25744 | apache-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
| | | 25745 | hs-http2<4.2.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
| | | 25746 | varnish-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
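Review bot: The comment added at new line 25743 says only "unclear", without stating what is unclear or which of the three entries below it applies to. Since `apache-[0-9]*` and `varnish-[0-9]*` match every version and have no upper bound, unlike `hs-http2<4.2.2`, a reader cannot tell whether the open question is whether apache is affected by CVE-2023-44487 at all or which release fixes it, nor whether the varnish entry is equally uncertain. I suggest expanding the comment to name the package and the open question, for example "# apache: affected versions unclear, see https://github.com/apache/httpd-site/pull/10", so the pattern can be narrowed once that is resolved.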