| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.109 2024/01/20 20:44:00 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.110 2024/01/22 09:15:45 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25843,13 +25843,14 @@ apisprout-[0-9]* denial-of-service https | | | @@ -25843,13 +25843,14 @@ apisprout-[0-9]* denial-of-service https |
25843 | gitea-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 | | 25843 | gitea-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 |
25844 | gitea-[0-9]* improper-rendering https://pkg.go.dev/vuln/GO-2023-1988 | | 25844 | gitea-[0-9]* improper-rendering https://pkg.go.dev/vuln/GO-2023-1988 |
25845 | openssh<9.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51385 | | 25845 | openssh<9.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51385 |
25846 | libssh<0.10.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-6004 | | 25846 | libssh<0.10.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-6004 |
25847 | p5-Spreadsheet-ParseExcel<0.6600 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-7101 | | 25847 | p5-Spreadsheet-ParseExcel<0.6600 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-7101 |
25848 | filezilla<3.66.4 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 | | 25848 | filezilla<3.66.4 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 |
25849 | libheif<1.17.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49462 | | 25849 | libheif<1.17.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49462 |
25850 | libde265<1.0.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49468 | | 25850 | libde265<1.0.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49468 |
25851 | gst-plugins1-bad<1.22.8 buffer-overflow https://gstreamer.freedesktop.org/security/sa-2023-0011.html | | 25851 | gst-plugins1-bad<1.22.8 buffer-overflow https://gstreamer.freedesktop.org/security/sa-2023-0011.html |
25852 | modular-xorg-server<21.1.11 heap-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6816 | | 25852 | modular-xorg-server<21.1.11 heap-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6816 |
25853 | coreutils<9.4 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-0684 | | 25853 | coreutils<9.4 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-0684 |
25854 | gnutls<3.8.3 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2023-0553 | | 25854 | gnutls<3.8.3 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2023-0553 |
25855 | py{27,38,39,310,311,312}-Pillow<10.2.0 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-50447 | | 25855 | py{27,38,39,310,311,312}-Pillow<10.2.0 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-50447 |
| | | 25856 | postgresql-server>=11<12 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages |
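Review bot: the added entry at line 25856 gives its reference as an http:// URL (http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages), while every other entry visible in this hunk links over https://. If the plain-HTTP scheme is not deliberate for eol entries, switch it to https so the reference a user follows from an audit report is not fetched in cleartext. Separately, the unchanged context line 25852 (modular-xorg-server<21.1.11) has a doubled prefix in its URL, `CVE-CVE-2023-6816`, so the link as written will not lead to the advisory. Since this commit already touches the area, correcting that URL in place here or in a follow-up would be worthwhile.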