Fri Nov 17 08:05:29 2023 UTC ()

bugs with patches in mupdf


(nia)

diff -r1.67 -r1.68 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2023/11/16 18:10:44 1.67
+++ pkgsrc/doc/pkg-vulnerabilities 2023/11/17 08:05:29 1.68

 @@ -1,14 +1,14 @@
-# $NetBSD: pkg-vulnerabilities,v 1.67 2023/11/16 18:10:44 nia Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.68 2023/11/17 08:05:29 nia Exp $
+#
 #FORMAT 1.0.0
+#
 # Please read "Handling packages with security problems" in the pkgsrc
 # guide before editing this file.
+#
 # Note: NEVER remove entries from this file; this should document *all*
 # known package vulnerabilities so it is entirely appropriate to have
 # multiple entries in this file for a single package, and to contain
 # entries for packages which have been removed from pkgsrc.
+#
 # New entries should be added at the end of this file.
+#
 @@ -23548,28 +23548,28 @@ libredwg-[0-9]*	stack-overflow	https://n
 libxml2<2.9.14	integer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2022-29824
 lighttpd<1.4.59	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-30780
 lrzip-[0-9]*	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-33067
 mantis<2.25.5	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2022-33910
 mariadb-server<10.7	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-31621
 mariadb-server<10.7	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-31622
 mariadb-server<10.7	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-31623
 mariadb-server<10.7	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-31624
 matio<1.5.22	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-1515
 moodle<4.0.1	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2022-30596
 moodle<4.0.1	information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2022-30597
 moodle<4.0.1	information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2022-30598
 moodle<4.0.1	security-bypass	https://nvd.nist.gov/vuln/detail/CVE-2022-30600
-mupdf-[0-9]*	denial-of-service		https://nvd.nist.gov/vuln/detail/CVE-2022-30974
+mupdf<1.3.0	denial-of-service		https://nvd.nist.gov/vuln/detail/CVE-2022-30974
-mupdf-[0-9]*	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2022-30975
+mupdf<1.3.0	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2022-30975
 njs<0.7.4	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-29779
 njs<0.7.4	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-29780
 njs<0.7.4	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-30503
 njs<0.7.4	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-31306
 njs<0.7.4	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-31307
 njs<0.7.4	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-32414
 nuitka<0.9	shell-command-injection	https://nvd.nist.gov/vuln/detail/CVE-2022-2054
 openldap<2.6.2	sql-injection	https://nvd.nist.gov/vuln/detail/CVE-2022-29155
 openssl<1.1.1o	shell-command-injection			https://nvd.nist.gov/vuln/detail/CVE-2022-1292
 openssl>=3.0.0<3.0.3	security-bypass			https://nvd.nist.gov/vuln/detail/CVE-2022-1343
 openssl>=3.0.0<3.0.3	man-in-the-middle-attack	https://nvd.nist.gov/vuln/detail/CVE-2022-1434
 openssl>=3.0.0<3.0.3	denial-of-service		https://nvd.nist.gov/vuln/detail/CVE-2022-1473
 openssl<1.1.1p	shell-command-injection			https://nvd.nist.gov/vuln/detail/CVE-2022-2068