Fri Feb 9 06:59:03 2024 UTC (109d)
doc: add missing python version to vulnerabilities

Noted by adam@


(wiz)
diff -r1.119 -r1.120 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.119 -r1.120 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2024/02/09 03:02:21 1.119
+++ pkgsrc/doc/pkg-vulnerabilities 2024/02/09 06:59:03 1.120
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.119 2024/02/09 03:02:21 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.120 2024/02/09 06:59:03 wiz Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25860,17 +25860,17 @@ py{27,37,38,39,310,311,312}-aiohttp<3.9. @@ -25860,17 +25860,17 @@ py{27,37,38,39,310,311,312}-aiohttp<3.9.
25860curl<8.6.0 out-of-bounds https://nvd.nist.gov/vuln/detail/CVE-2023-52071 25860curl<8.6.0 out-of-bounds https://nvd.nist.gov/vuln/detail/CVE-2023-52071
25861mbedtls<2.28.7 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23170 25861mbedtls<2.28.7 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23170
25862mbedtls>=3<3.5.2 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23170 25862mbedtls>=3<3.5.2 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23170
25863mbedtls<2.28.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23775 25863mbedtls<2.28.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23775
25864mbedtls>=3<3.5.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23775 25864mbedtls>=3<3.5.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23775
25865opensc-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-5992 25865opensc-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-5992
25866py{27,37,38,39,310,311,312}-octoprint-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23637 25866py{27,37,38,39,310,311,312}-octoprint-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-23637
25867glpi<10.0.12 code-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51446 25867glpi<10.0.12 code-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51446
25868glpi<10.0.12 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-23645 25868glpi<10.0.12 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-23645
25869graphviz<10 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-46045 25869graphviz<10 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-46045
25870expat<2.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-52425 25870expat<2.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-52425
25871expat<2.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-52426 25871expat<2.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-52426
25872webkit-gtk<2.42.5 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-23222 25872webkit-gtk<2.42.5 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-23222
25873py{27,37,38,39,310,311}-django>=3.2<3.2.24 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24680 25873py{27,37,38,39,310,311,312}-django>=3.2<3.2.24 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24680
25874py{27,37,38,39,310,311}-django>=4.1<4.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24680 25874py{27,37,38,39,310,311,312}-django>=4.1<4.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24680
25875py{27,37,38,39,310,311}-django>=4.2<4.2.10 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24680 25875py{27,37,38,39,310,311,312}-django>=4.2<4.2.10 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24680
25876libuv>=1.45<1.48 address-check-bypass https://nvd.nist.gov/vuln/detail/CVE-2024-24806 25876libuv>=1.45<1.48 address-check-bypass https://nvd.nist.gov/vuln/detail/CVE-2024-24806
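
Review bot: the `312` addition at lines 25873-25875 covers only the three django entries for CVE-2024-24680, so any other entry in the file still written as `py{27,37,38,39,310,311}-` would continue to miss packages built for Python 3.12. In the visible context the aiohttp pattern in the hunk header and the octoprint entry at 25866 already carry `312`, so these three were the odd ones out here, but the hunk shows 17 lines of a file with more than 25,000. I would grep the whole file for the six-version brace list and fix any remaining matches in the same commit. The log message would also be easier to find later if it named the package (django) and the CVE rather than only "python version".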