Mon Jan 22 09:15:45 2024 UTC
doc: note postgresql11 is eol


(wiz)
diff -r1.109 -r1.110 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.109 -r1.110 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2024/01/20 20:44:00 1.109
+++ pkgsrc/doc/pkg-vulnerabilities 2024/01/22 09:15:45 1.110
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.109 2024/01/20 20:44:00 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.110 2024/01/22 09:15:45 wiz Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25843,13 +25843,14 @@ apisprout-[0-9]* denial-of-service https @@ -25843,13 +25843,14 @@ apisprout-[0-9]* denial-of-service https
25843gitea-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402 25843gitea-[0-9]* man-in-the-middle https://pkg.go.dev/vuln/GO-2023-2402
25844gitea-[0-9]* improper-rendering https://pkg.go.dev/vuln/GO-2023-1988 25844gitea-[0-9]* improper-rendering https://pkg.go.dev/vuln/GO-2023-1988
25845openssh<9.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51385 25845openssh<9.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51385
25846libssh<0.10.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-6004 25846libssh<0.10.6 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-6004
25847p5-Spreadsheet-ParseExcel<0.6600 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-7101 25847p5-Spreadsheet-ParseExcel<0.6600 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-7101
25848filezilla<3.66.4 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795 25848filezilla<3.66.4 extension-negotiation-downgrade https://nvd.nist.gov/vuln/detail/CVE-2023-48795
25849libheif<1.17.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49462 25849libheif<1.17.6 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49462
25850libde265<1.0.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49468 25850libde265<1.0.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-49468
25851gst-plugins1-bad<1.22.8 buffer-overflow https://gstreamer.freedesktop.org/security/sa-2023-0011.html 25851gst-plugins1-bad<1.22.8 buffer-overflow https://gstreamer.freedesktop.org/security/sa-2023-0011.html
25852modular-xorg-server<21.1.11 heap-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6816 25852modular-xorg-server<21.1.11 heap-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-6816
25853coreutils<9.4 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-0684 25853coreutils<9.4 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-0684
25854gnutls<3.8.3 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2023-0553 25854gnutls<3.8.3 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2023-0553
25855py{27,38,39,310,311,312}-Pillow<10.2.0 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-50447 25855py{27,38,39,310,311,312}-Pillow<10.2.0 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-50447
 25856postgresql-server>=11<12 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
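
Review bot: The pattern on the added line 25856 is `postgresql-server>=11<12`, while the commit message names postgresql11. Please confirm that this pattern matches the name the PostgreSQL 11 server package is actually installed under, since an entry that matches nothing fails silently and users never see the eol warning. If other postgresql11 packages exist alongside the server, consider whether they need eol entries too. The reference URL on the same line uses `http://` where every other entry visible in this hunk uses `https://`; prefer the https form if the host serves that path over TLS. Separately, in the unchanged context, the modular-xorg-server entry at 25852 has a doubled prefix in its URL (`CVE-CVE-2023-6816`), which looks like a typo worth fixing in a follow-up.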