Thu Nov 16 18:10:44 2023 UTC
more tiff bugs with patches on nvd


(nia)
diff -r1.66 -r1.67 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.66 -r1.67 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2023/11/16 18:02:50 1.66
+++ pkgsrc/doc/pkg-vulnerabilities 2023/11/16 18:10:44 1.67
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.66 2023/11/16 18:02:50 nia Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.67 2023/11/16 18:10:44 nia Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -24232,38 +24232,38 @@ radare2<4.4.0 null-pointer-dereference h @@ -24232,38 +24232,38 @@ radare2<4.4.0 null-pointer-dereference h
24232radare2-[0-9]* integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-4398 24232radare2-[0-9]* integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-4398
24233radare2<5.8.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2022-4843 24233radare2<5.8.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2022-4843
24234radare2<5.8.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-0302 24234radare2<5.8.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-0302
24235exim-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-3559 24235exim-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-3559
24236exim-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-3620 24236exim-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-3620
24237sox-[0-9]* division-by-zero https://nvd.nist.gov/vuln/detail/CVE-2021-33844 24237sox-[0-9]* division-by-zero https://nvd.nist.gov/vuln/detail/CVE-2021-33844
24238sox-[0-9]* division-by-zero https://nvd.nist.gov/vuln/detail/CVE-2021-23210 24238sox-[0-9]* division-by-zero https://nvd.nist.gov/vuln/detail/CVE-2021-23210
24239sox-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-23172 24239sox-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-23172
24240sox-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-23159 24240sox-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-23159
24241tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2869 24241tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2869
24242tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2868 24242tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2868
24243tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2867 24243tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2867
24244tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2953 24244tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2953
24245tiff-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2521 24245tiff<4.5.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2521
24246tiff-[0-9]* double-free https://nvd.nist.gov/vuln/detail/CVE-2022-2519 24246tiff<4.5.0 double-free https://nvd.nist.gov/vuln/detail/CVE-2022-2519
24247tiff-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2520 24247tiff<4.5.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2520
24248tiff<4.4.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-1355 24248tiff<4.4.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-1355
24249tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-1354 24249tiff<4.4.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-1354
24250tiff<4.5.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-3599 24250tiff<4.5.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-3599
24251tiff<4.5.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2022-3598 24251tiff<4.5.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2022-3598
24252tiff<4.5.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2022-3627 24252tiff<4.5.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2022-3627
24253tiff<4.5.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2022-3626 24253tiff<4.5.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2022-3626
24254tiff<4.5.0 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-3570 24254tiff<4.5.0 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-3570
24255tiff<4.5.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-3970 24255tiff<4.5.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-3970
24256tiff-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-48281 24256tiff<4.5.1 heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-48281
24257libraw<0.21.1 ut-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35535 24257libraw<0.21.1 ut-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35535
24258libraw<0.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35533 24258libraw<0.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35533
24259libraw<0.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35531 24259libraw<0.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35531
24260libraw<0.21.1 memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2020-35534 24260libraw<0.21.1 memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2020-35534
24261libraw<0.21.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2020-35530 24261libraw<0.21.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2020-35530
24262libraw<0.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35532 24262libraw<0.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35532
24263libredwg<0.12.4.4608 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-35164 24263libredwg<0.12.4.4608 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-35164
24264libredwg-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-45332 24264libredwg-[0-9]* heap-based-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-45332
24265blender-[0-9]* infinite-loop https://nvd.nist.gov/vuln/detail/CVE-2022-2833 24265blender-[0-9]* infinite-loop https://nvd.nist.gov/vuln/detail/CVE-2022-2833
24266blender-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2832 24266blender-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-2832
24267blender-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-2831 24267blender-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-2831
24268consul<1.11.9 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-41803 24268consul<1.11.9 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-41803
24269consul<1.12.5 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2022-40716 24269consul<1.12.5 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2022-40716
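
Review bot: the narrowed patterns at 24245-24247 (tiff-[0-9]* to tiff<4.5.0) and at 24256 (tiff-[0-9]* to tiff<4.5.1) are not backed by any reference to the release that carries each fix; the log message only says "with patches on nvd". Once these bounds are in, pkg_admin audit no longer reports tiff 4.5.0 and later for CVE-2022-2519, CVE-2022-2520 and CVE-2022-2521, or 4.5.1 and later for CVE-2022-48281, so a bound taken from a patch link rather than from a tagged release would leave installed packages silently unflagged. Please confirm each bound against the upstream release that contains the patch and name it in the commit message. Separately, the unchanged line 24257 reads "ut-of-bounds-read" for libraw CVE-2020-35535, which looks like a typo for "out-of-bounds-read" as used on 24258; worth correcting in a follow-up since this block is being edited anyway.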