Sat Dec 16 07:08:54 2023 UTC (163d)
doc: jq vulns


(wiz)
diff -r1.79 -r1.80 pkgsrc/doc/pkg-vulnerabilities
cvs diff -r1.79 -r1.80 pkgsrc/doc/pkg-vulnerabilities (expand / switch to unified diff)

--- pkgsrc/doc/pkg-vulnerabilities 2023/12/15 13:19:02 1.79
+++ pkgsrc/doc/pkg-vulnerabilities 2023/12/16 07:08:54 1.80
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.79 2023/12/15 13:19:02 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.80 2023/12/16 07:08:54 wiz Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25792,13 +25792,15 @@ go121<1.21.5 denial-of-service https://n @@ -25792,13 +25792,15 @@ go121<1.21.5 denial-of-service https://n
25792go120<1.20.12 insecure-fallback https://nvd.nist.gov/vuln/detail/CVE-2023-45285 25792go120<1.20.12 insecure-fallback https://nvd.nist.gov/vuln/detail/CVE-2023-45285
25793go121<1.21.5 insecure-fallback https://nvd.nist.gov/vuln/detail/CVE-2023-45285 25793go121<1.21.5 insecure-fallback https://nvd.nist.gov/vuln/detail/CVE-2023-45285
25794curl>=7.46.0<8.5.0 information-exposure-through-sent-data https://nvd.nist.gov/vuln/detail/CVE-2023-46218 25794curl>=7.46.0<8.5.0 information-exposure-through-sent-data https://nvd.nist.gov/vuln/detail/CVE-2023-46218
25795curl>=7.84.0<8.5.0 missing-encryption-of-sensitive-data https://nvd.nist.gov/vuln/detail/CVE-2023-46219 25795curl>=7.84.0<8.5.0 missing-encryption-of-sensitive-data https://nvd.nist.gov/vuln/detail/CVE-2023-46219
25796fish<3.6.2 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-49284 25796fish<3.6.2 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-49284
25797modular-xorg-server<21.1.10 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6377 25797modular-xorg-server<21.1.10 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6377
25798modular-xorg-server<21.1.10 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6478 25798modular-xorg-server<21.1.10 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6478
25799opensc>=0.17.0<0.24.0 potential-pin-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-40660 25799opensc>=0.17.0<0.24.0 potential-pin-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-40660
25800asterisk<18.20.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 25800asterisk<18.20.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786
25801asterisk>=20<20.5.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 25801asterisk>=20<20.5.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786
25802asterisk>=21<21.0.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 25802asterisk>=21<21.0.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786
25803asterisk<18 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages 25803asterisk<18 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
25804asterisk>=19<20 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages 25804asterisk>=19<20 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
 25805jq<1.7.1 buffer-overflow http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50246
 25806jq<1.7.1 buffer-overflow http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50268