| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.64 2023/11/15 21:18:05 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.65 2023/11/16 09:42:02 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25755,13 +25755,22 @@ php{56,73,74,80,81,82}-roundcube<1.6.3 c | | | @@ -25755,13 +25755,22 @@ php{56,73,74,80,81,82}-roundcube<1.6.3 c |
25755 | exiv2>=0.28<0.28.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2023-44398 | | 25755 | exiv2>=0.28<0.28.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2023-44398 |
25756 | ltm<1.2.1 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-36328 | | 25756 | ltm<1.2.1 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-36328 |
25757 | gimp<2.10.36 unknown-impact https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#security-and-bug-fixes | | 25757 | gimp<2.10.36 unknown-impact https://www.gimp.org/news/2023/11/07/gimp-2-10-36-released/#security-and-bug-fixes |
25758 | tor<0.4.8.8 unknown-impact https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE | | 25758 | tor<0.4.8.8 unknown-impact https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE |
25759 | tor<0.4.8.9 unknown-impact https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE | | 25759 | tor<0.4.8.9 unknown-impact https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE |
25760 | yt-dlp<2023.11.14 man-in-the-middle-attack https://nvd.nist.gov/vuln/detail/CVE-2023-46121 | | 25760 | yt-dlp<2023.11.14 man-in-the-middle-attack https://nvd.nist.gov/vuln/detail/CVE-2023-46121 |
25761 | webkit-gtk<2.38.4 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2023-32919 | | 25761 | webkit-gtk<2.38.4 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2023-32919 |
25762 | webkit-gtk<2.38.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-32933 | | 25762 | webkit-gtk<2.38.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-32933 |
25763 | webkit-gtk<2.38.4 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2022-46705 | | 25763 | webkit-gtk<2.38.4 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2022-46705 |
25764 | webkit-gtk<2.38.4 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2022-46725 | | 25764 | webkit-gtk<2.38.4 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2022-46725 |
25765 | webkit-gtk<2.42 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-32359 | | 25765 | webkit-gtk<2.42 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-32359 |
25766 | webkit-gtk<2.42.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-41983 | | 25766 | webkit-gtk<2.42.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-41983 |
25767 | webkit-gtk<2.42.2 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42852 | | 25767 | webkit-gtk<2.42.2 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-42852 |
| | | 25768 | gst-plugins1-base<1.22.4 heap-overwrite https://nvd.nist.gov/vuln/detail/CVE-2023-37328 |
| | | 25769 | gst-plugins1-base<1.22.4 heap-overwrite https://nvd.nist.gov/vuln/detail/CVE-2023-37329 |
| | | 25770 | gst-plugins1-ugly<1.22.5 integer-overflow https://gstreamer.freedesktop.org/security/sa-2023-0004.html |
| | | 25771 | gst-plugins1-ugly<1.22.5 integer-overflow https://gstreamer.freedesktop.org/security/sa-2023-0005.html |
| | | 25772 | gst-plugins1-bad<1.22.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40474 |
| | | 25773 | gst-plugins1-bad<1.22.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40475 |
| | | 25774 | gst-plugins1-bad<1.22.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-40476 |
| | | 25775 | gst-plugins1-bad<1.22.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-44429 |
| | | 25776 | gst-plugins1-bad<1.22.6 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-44446 |