| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.92 2023/12/23 14:59:24 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.93 2023/12/23 19:12:50 thor Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -11336,27 +11336,26 @@ dropbear<2016.74 sensitive-information-d | | | @@ -11336,27 +11336,26 @@ dropbear<2016.74 sensitive-information-d |
11336 | php{56,70,71}-owncloud<9.1.3 username-enumeration https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5865 | | 11336 | php{56,70,71}-owncloud<9.1.3 username-enumeration https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5865 |
11337 | php{56,70,71}-owncloud<9.1.3 sensitive-information-disclosure https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5866 | | 11337 | php{56,70,71}-owncloud<9.1.3 sensitive-information-disclosure https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5866 |
11338 | php{56,70,71}-owncloud<9.1.3 excessive-logging https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5867 | | 11338 | php{56,70,71}-owncloud<9.1.3 excessive-logging https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5867 |
11339 | freetype<2.7 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10244 | | 11339 | freetype<2.7 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10244 |
11340 | ghoscript<9.20 information-disclosure https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5653 | | 11340 | ghoscript<9.20 information-disclosure https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5653 |
11341 | ap{22,24}-auth-mellon<0.13.1 cross-site-session-transfer https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6807 | | 11341 | ap{22,24}-auth-mellon<0.13.1 cross-site-session-transfer https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6807 |
11342 | ytnef<1.9.2 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6801 | | 11342 | ytnef<1.9.2 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6801 |
11343 | php{56,70,71}-roundcube<1.2.4 cross-site-scripting https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6820 | | 11343 | php{56,70,71}-roundcube<1.2.4 cross-site-scripting https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6820 |
11344 | mantis<1.3.7 javascript-injection https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6797 | | 11344 | mantis<1.3.7 javascript-injection https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6797 |
11345 | libupnp<1.6.21 arbitrary-code-execution https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8863 | | 11345 | libupnp<1.6.21 arbitrary-code-execution https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8863 |
11346 | tiff<4.0.6 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5315 | | 11346 | tiff<4.0.6 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5315 |
11347 | firefox45<45.8 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/ | | 11347 | firefox45<45.8 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/ |
11348 | webkit24-gtk{,3}-[0-9]* denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9643 | | 11348 | webkit24-gtk{,3}-[0-9]* denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9643 |
11349 | R-[0-9]* buffer-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8714 | | | |
11350 | wavpack<5.1.0 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10169 | | 11349 | wavpack<5.1.0 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10169 |
11351 | wavpack<5.1.0 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10170 | | 11350 | wavpack<5.1.0 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10170 |
11352 | wavpack<5.1.0 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10171 | | 11351 | wavpack<5.1.0 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10171 |
11353 | wavpack<5.1.0 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10172 | | 11352 | wavpack<5.1.0 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10172 |
11354 | bitlbee<3.5 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10189 | | 11353 | bitlbee<3.5 denial-of-service https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10189 |
11355 | libpurple<2.12.0 remote-code-execution https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2640 | | 11354 | libpurple<2.12.0 remote-code-execution https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2640 |
11356 | adobe-flash-player<24.0.0.211 multiple-vulnerabilities https://helpx.adobe.com/security/products/flash-player/apsb17-07.html | | 11355 | adobe-flash-player<24.0.0.211 multiple-vulnerabilities https://helpx.adobe.com/security/products/flash-player/apsb17-07.html |
11357 | binutils<2.26 buffer-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9939 | | 11356 | binutils<2.26 buffer-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9939 |
11358 | binutils<2.29 heap-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6965 | | 11357 | binutils<2.29 heap-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6965 |
11359 | binutils<2.29 use-after-free https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6966 | | 11358 | binutils<2.29 use-after-free https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6966 |
11360 | binutils<2.29 heap-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6969 | | 11359 | binutils<2.29 heap-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6969 |
11361 | binutils<2.29 null-dereference https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7209 | | 11360 | binutils<2.29 null-dereference https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7209 |
11362 | binutils<2.29 heap-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7210 | | 11361 | binutils<2.29 heap-overflow https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7210 |