| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.117 2024/02/07 16:35:29 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.118 2024/02/07 18:01:16 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25859,13 +25859,14 @@ py{27,37,38,39,310,311,312}-aiohttp<3.9. | | | @@ -25859,13 +25859,14 @@ py{27,37,38,39,310,311,312}-aiohttp<3.9. |
25859 | py{27,37,38,39,310,311,312}-aiohttp<3.9.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23829 | | 25859 | py{27,37,38,39,310,311,312}-aiohttp<3.9.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23829 |
25860 | curl<8.6.0 out-of-bounds https://nvd.nist.gov/vuln/detail/CVE-2023-52071 | | 25860 | curl<8.6.0 out-of-bounds https://nvd.nist.gov/vuln/detail/CVE-2023-52071 |
25861 | mbedtls<2.28.7 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23170 | | 25861 | mbedtls<2.28.7 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23170 |
25862 | mbedtls>=3<3.5.2 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23170 | | 25862 | mbedtls>=3<3.5.2 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23170 |
25863 | mbedtls<2.28.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23775 | | 25863 | mbedtls<2.28.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23775 |
25864 | mbedtls>=3<3.5.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23775 | | 25864 | mbedtls>=3<3.5.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23775 |
25865 | opensc-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-5992 | | 25865 | opensc-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-5992 |
25866 | py{27,37,38,39,310,311,312}-octoprint-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23637 | | 25866 | py{27,37,38,39,310,311,312}-octoprint-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23637 |
25867 | glpi<10.0.12 code-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51446 | | 25867 | glpi<10.0.12 code-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51446 |
25868 | glpi<10.0.12 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-23645 | | 25868 | glpi<10.0.12 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-23645 |
25869 | graphviz<10 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-46045 | | 25869 | graphviz<10 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-46045 |
25870 | expat<2.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-52425 | | 25870 | expat<2.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-52425 |
25871 | expat<2.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-52426 | | 25871 | expat<2.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-52426 |
| | | 25872 | webkit-gtk<2.42.5 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-23222 |