Sat Dec 23 19:12:51 2023 UTC (155d)

pkg-vulnerabilities: drop R buffer overflow that applied to 3.3, ages ago


(thor)

diff -r1.92 -r1.93 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2023/12/23 14:59:24 1.92
+++ pkgsrc/doc/pkg-vulnerabilities 2023/12/23 19:12:50 1.93

 @@ -1,14 +1,14 @@
-# $NetBSD: pkg-vulnerabilities,v 1.92 2023/12/23 14:59:24 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.93 2023/12/23 19:12:50 thor Exp $
+#
 #FORMAT 1.0.0
+#
 # Please read "Handling packages with security problems" in the pkgsrc
 # guide before editing this file.
+#
 # Note: NEVER remove entries from this file; this should document *all*
 # known package vulnerabilities so it is entirely appropriate to have
 # multiple entries in this file for a single package, and to contain
 # entries for packages which have been removed from pkgsrc.
+#
 # New entries should be added at the end of this file.
+#
 @@ -11336,27 +11336,26 @@ dropbear<2016.74	sensitive-information-d
 php{56,70,71}-owncloud<9.1.3	username-enumeration			https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5865
 php{56,70,71}-owncloud<9.1.3	sensitive-information-disclosure	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5866
 php{56,70,71}-owncloud<9.1.3	excessive-logging			https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5867
 freetype<2.7	denial-of-service	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10244
 ghoscript<9.20	information-disclosure	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5653
 ap{22,24}-auth-mellon<0.13.1	cross-site-session-transfer	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6807
 ytnef<1.9.2	denial-of-service	 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6801
 php{56,70,71}-roundcube<1.2.4	cross-site-scripting	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6820
 mantis<1.3.7	javascript-injection	 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6797
 libupnp<1.6.21	arbitrary-code-execution	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8863
 tiff<4.0.6	denial-of-service	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5315
 firefox45<45.8	multiple-vulnerabilities	https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/
 webkit24-gtk{,3}-[0-9]*	denial-of-service	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9643
 R-[0-9]*		buffer-overflow		https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8714
 wavpack<5.1.0		denial-of-service	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10169
 wavpack<5.1.0		denial-of-service	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10170
 wavpack<5.1.0		denial-of-service	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10171
 wavpack<5.1.0		denial-of-service	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10172
 bitlbee<3.5		denial-of-service	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10189
 libpurple<2.12.0	remote-code-execution	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-2640
 adobe-flash-player<24.0.0.211	multiple-vulnerabilities	https://helpx.adobe.com/security/products/flash-player/apsb17-07.html
 binutils<2.26		buffer-overflow		https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9939
 binutils<2.29		heap-overflow		https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6965
 binutils<2.29		use-after-free		https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6966
 binutils<2.29		heap-overflow		https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-6969
 binutils<2.29		null-dereference	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7209
 binutils<2.29		heap-overflow		https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7210