| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.97 2023/12/24 09:53:03 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.98 2023/12/24 12:47:46 bsiegert Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25817,13 +25817,28 @@ proftpd<1.3.8b extension-negotiation-dow | | | @@ -25817,13 +25817,28 @@ proftpd<1.3.8b extension-negotiation-dow |
25817 | dropbear<2022.83nb1 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 | | 25817 | dropbear<2022.83nb1 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 |
25818 | erlang<26.2.1 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 | | 25818 | erlang<26.2.1 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 |
25819 | libssh2<1.11.0nb2 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 | | 25819 | libssh2<1.11.0nb2 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 |
25820 | postfix<3.8.4 email-spoofing https://nvd.nist.gov/vuln/detail/CVE-2023-51764 | | 25820 | postfix<3.8.4 email-spoofing https://nvd.nist.gov/vuln/detail/CVE-2023-51764 |
25821 | mysqld_exporter<0.15.1 auth-bypass https://pkg.go.dev/vuln/GO-2022-1130 | | 25821 | mysqld_exporter<0.15.1 auth-bypass https://pkg.go.dev/vuln/GO-2022-1130 |
25822 | mysqld_exporter<0.15.1 denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 | | 25822 | mysqld_exporter<0.15.1 denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 |
25823 | postgres_exporter<0.15.0 auth-bypass https://pkg.go.dev/vuln/GO-2022-1130 | | 25823 | postgres_exporter<0.15.0 auth-bypass https://pkg.go.dev/vuln/GO-2022-1130 |
25824 | postgres_exporter<0.15.0 denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 | | 25824 | postgres_exporter<0.15.0 denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 |
25825 | git-lfs<3.4.1 denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 | | 25825 | git-lfs<3.4.1 denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 |
25826 | exim-[0-9]* email-spoofing https://nvd.nist.gov/vuln/detail/CVE-2023-51766 | | 25826 | exim-[0-9]* email-spoofing https://nvd.nist.gov/vuln/detail/CVE-2023-51766 |
25827 | nuclei<3.1.3 man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 | | 25827 | nuclei<3.1.3 man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 |
25828 | glow<1.5.1 man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 | | 25828 | glow<1.5.1 man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 |
25829 | sendmail-[0-9]* email-spoofing https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-51765 | | 25829 | sendmail-[0-9]* email-spoofing https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-51765 |
| | | 25830 | packer<1.9.5 man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 |
| | | 25831 | ssh-chat-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 |
| | | 25832 | influxdb-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 |
| | | 25833 | lazygit-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 |
| | | 25834 | amfora-[0-9]* infinite-loop https://pkg.go.dev/vuln/GO-2021-0238 |
| | | 25835 | hub-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2021-0061 |
| | | 25836 | nats-server-[0-9]* permissions-checking https://pkg.go.dev/vuln/GO-2022-0386 |
| | | 25837 | obfs4proxy-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 |
| | | 25838 | terraform-provider-aws-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2023-2153 |
| | | 25839 | terraform-provider-aws-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2023-1571 |
| | | 25840 | authelia-[0-9]* path-traversal https://pkg.go.dev/vuln/GO-2022-0355 |
| | | 25841 | authelia-[0-9]* out-of-bounds-read https://pkg.go.dev/vuln/GO-2021-0113 |
| | | 25842 | apisprout-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2021-0061 |
| | | 25843 | gitea-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 |
| | | 25844 | gitea-[0-9]* improper-rendering https://pkg.go.dev/vuln/GO-2023-1988 |
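Review bot: The sendmail entry at line 25829, left untouched as context in this hunk, carries a reference URL with a doubled prefix (`CVE-CVE-2023-51765`), so the link will not resolve to the NVD record. It should read `sendmail-[0-9]* email-spoofing https://nvd.nist.gov/vuln/detail/CVE-2023-51765`, which corrects the entry in place rather than removing it. Separately, all the entries added at 25831–25844 use the `-[0-9]*` pattern, which matches every version of the package, whereas `packer<1.9.5` at 25830 names a fixed version. Presumably no fixed pkgsrc version exists yet for those packages. If so, each entry needs a `<version` bound once the package is updated, otherwise audits will keep flagging patched installs and operators may learn to ignore the findings.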