| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.79 2023/12/15 13:19:02 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.80 2023/12/16 07:08:54 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25792,13 +25792,15 @@ go121<1.21.5 denial-of-service https://n | | | @@ -25792,13 +25792,15 @@ go121<1.21.5 denial-of-service https://n |
25792 | go120<1.20.12 insecure-fallback https://nvd.nist.gov/vuln/detail/CVE-2023-45285 | | 25792 | go120<1.20.12 insecure-fallback https://nvd.nist.gov/vuln/detail/CVE-2023-45285 |
25793 | go121<1.21.5 insecure-fallback https://nvd.nist.gov/vuln/detail/CVE-2023-45285 | | 25793 | go121<1.21.5 insecure-fallback https://nvd.nist.gov/vuln/detail/CVE-2023-45285 |
25794 | curl>=7.46.0<8.5.0 information-exposure-through-sent-data https://nvd.nist.gov/vuln/detail/CVE-2023-46218 | | 25794 | curl>=7.46.0<8.5.0 information-exposure-through-sent-data https://nvd.nist.gov/vuln/detail/CVE-2023-46218 |
25795 | curl>=7.84.0<8.5.0 missing-encryption-of-sensitive-data https://nvd.nist.gov/vuln/detail/CVE-2023-46219 | | 25795 | curl>=7.84.0<8.5.0 missing-encryption-of-sensitive-data https://nvd.nist.gov/vuln/detail/CVE-2023-46219 |
25796 | fish<3.6.2 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-49284 | | 25796 | fish<3.6.2 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-49284 |
25797 | modular-xorg-server<21.1.10 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6377 | | 25797 | modular-xorg-server<21.1.10 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6377 |
25798 | modular-xorg-server<21.1.10 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6478 | | 25798 | modular-xorg-server<21.1.10 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6478 |
25799 | opensc>=0.17.0<0.24.0 potential-pin-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-40660 | | 25799 | opensc>=0.17.0<0.24.0 potential-pin-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-40660 |
25800 | asterisk<18.20.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 | | 25800 | asterisk<18.20.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 |
25801 | asterisk>=20<20.5.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 | | 25801 | asterisk>=20<20.5.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 |
25802 | asterisk>=21<21.0.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 | | 25802 | asterisk>=21<21.0.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-49786 |
25803 | asterisk<18 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages | | 25803 | asterisk<18 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages |
25804 | asterisk>=19<20 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages | | 25804 | asterisk>=19<20 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages |
| | | 25805 | jq<1.7.1 buffer-overflow http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50246 |
| | | 25806 | jq<1.7.1 buffer-overflow http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-50268 |