Fri Oct 20 18:36:59 2023 UTC ()
doc: pkg-vulnerabilities: remove one apache entry

(https://github.com/icing/blog/blob/main/h2-rapid-reset.md)


(wiz)
diff -r1.52 -r1.53 pkgsrc/doc/pkg-vulnerabilities
cvs diff -r1.52 -r1.53 pkgsrc/doc/pkg-vulnerabilities (expand / switch to unified diff)

--- pkgsrc/doc/pkg-vulnerabilities 2023/10/19 13:31:51 1.52
+++ pkgsrc/doc/pkg-vulnerabilities 2023/10/20 18:36:59 1.53
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.52 2023/10/19 13:31:51 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.53 2023/10/20 18:36:59 wiz Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25730,20 +25730,18 @@ libdwarf<0.3.4 out-of-bounds-read https: @@ -25730,20 +25730,18 @@ libdwarf<0.3.4 out-of-bounds-read https:
25730libdwarf<0.3.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-28163 25730libdwarf<0.3.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2020-28163
25731kilo-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-20335 25731kilo-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-20335
25732h2o-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-30847 25732h2o-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-30847
25733atasm-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-34123 25733atasm-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-34123
25734KeePass>=2.00<2.54 memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-32784 25734KeePass>=2.00<2.54 memory-leak https://nvd.nist.gov/vuln/detail/CVE-2023-32784
25735curl>=7.69.0<8.4.0 heap-based-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-38545 25735curl>=7.69.0<8.4.0 heap-based-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-38545
25736curl>=7.9.1<8.4.0 external-control-of-file-name-or-path https://nvd.nist.gov/vuln/detail/CVE-2023-38546 25736curl>=7.9.1<8.4.0 external-control-of-file-name-or-path https://nvd.nist.gov/vuln/detail/CVE-2023-38546
25737samba4>=4.17<4.17.12 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-3961 25737samba4>=4.17<4.17.12 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-3961
25738samba4>=4.18<4.18.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-3961 25738samba4>=4.18<4.18.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-3961
25739samba4>=4.17<4.17.12 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-42669 25739samba4>=4.17<4.17.12 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-42669
25740samba4>=4.18<4.18.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-42669 25740samba4>=4.18<4.18.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2023-42669
25741samba4>=4.17<4.17.12 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-42670 25741samba4>=4.17<4.17.12 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-42670
25742samba4>=4.18<4.18.8 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-42670 25742samba4>=4.18<4.18.8 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-42670
25743# unclear, see https://github.com/apache/httpd-site/pull/10 
25744apache-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-44487 
25745hs-http2<4.2.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-44487 25743hs-http2<4.2.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-44487
25746varnish-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-44487 25744varnish-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-44487
25747apache<2.4.58 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-31122 25745apache<2.4.58 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-31122
25748apache<2.4.58 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-43622 25746apache<2.4.58 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-43622
25749apache<2.4.58 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-45802 25747apache<2.4.58 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-45802