| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.107 2024/01/19 13:01:40 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.108 2024/01/20 12:13:53 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25841,13 +25841,14 @@ authelia-[0-9]* path-traversal https://p | | | @@ -25841,13 +25841,14 @@ authelia-[0-9]* path-traversal https://p |
25841 | authelia-[0-9]* out-of-bounds-read https://pkg.go.dev/vuln/GO-2021-0113 | | 25841 | authelia-[0-9]* out-of-bounds-read https://pkg.go.dev/vuln/GO-2021-0113 |
25842 | apisprout-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2021-0061 | | 25842 | apisprout-[0-9]* denial-of-service https://pkg.go.dev/vuln/GO-2021-0061 |
25843 | gitea-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 | | 25843 | gitea-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 |
25844 | gitea-[0-9]* improper-rendering https://pkg.go.dev/vuln/GO-2023-1988 | | 25844 | gitea-[0-9]* improper-rendering https://pkg.go.dev/vuln/GO-2023-1988 |
25845 | openssh<9.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51385 | | 25845 | openssh<9.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51385 |
25846 | libssh<0.10.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-6004 | | 25846 | libssh<0.10.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-6004 |
25847 | p5-Spreadsheet-ParseExcel<0.6600 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-7101 | | 25847 | p5-Spreadsheet-ParseExcel<0.6600 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-7101 |
25848 | filezilla<3.66.4 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 | | 25848 | filezilla<3.66.4 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 |
25849 | libheif<1.17.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49462 | | 25849 | libheif<1.17.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49462 |
25850 | libde265<1.0.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49468 | | 25850 | libde265<1.0.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49468 |
25851 | gst-plugins1-bad<1.22.8 buffer-overflow https://gstreamer.freedesktop.org/security/sa-2023-0011.html | | 25851 | gst-plugins1-bad<1.22.8 buffer-overflow https://gstreamer.freedesktop.org/security/sa-2023-0011.html |
25852 | modular-xorg-server<21.1.11 heap-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6816 | | 25852 | modular-xorg-server<21.1.11 heap-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6816 |
25853 | coreutils<9.4 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-0684 | | 25853 | coreutils<9.4 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-0684 |
| | | 25854 | gnutls<3.8.3 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2023-0553 |
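Review bot: The identifier in the added gnutls entry (new line 25854), `CVE-2023-0553`, should be checked against the upstream GnuTLS advisory for 3.8.3 before it is relied on. This revision is dated 2024/01/20, and a 2023 id with such a low sequence number would normally have been assigned about a year earlier, so the year may be mistyped. The `gnutls<3.8.3` pattern would still flag affected installs in an audit, but a wrong URL would send whoever triages the finding to a possibly unrelated NVD record. The unchanged context line for modular-xorg-server (25852) has a doubled prefix, `CVE-CVE-2023-6816`, which suggests the URL column is not validated. A format check on that column would catch the doubled prefix, but a wrong year can only be caught by comparing against the advisory.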