| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.121 2024/02/09 20:31:43 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.122 2024/02/11 10:07:10 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -24791,27 +24791,27 @@ rabbitmq>=3.9.0<3.9.18 denial-of-service | | | @@ -24791,27 +24791,27 @@ rabbitmq>=3.9.0<3.9.18 denial-of-service |
24791 | rabbitmq>=3.10.0<3.10.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31008 | | 24791 | rabbitmq>=3.10.0<3.10.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31008 |
24792 | qt5-qtbase-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2021-3481 | | 24792 | qt5-qtbase-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2021-3481 |
24793 | qemu<7.1.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-14394 | | 24793 | qemu<7.1.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-14394 |
24794 | qemu<7.1.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-0216 | | 24794 | qemu<7.1.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-0216 |
24795 | qemu-[0-9]* insecure-lock-files https://nvd.nist.gov/vuln/detail/CVE-2021-3735 | | 24795 | qemu-[0-9]* insecure-lock-files https://nvd.nist.gov/vuln/detail/CVE-2021-3735 |
24796 | qemu<6.2.1 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2022-0358 | | 24796 | qemu<6.2.1 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2022-0358 |
24797 | qemu<2.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2014-0148 | | 24797 | qemu<2.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2014-0148 |
24798 | qemu<1.6.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2014-0147 | | 24798 | qemu<1.6.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2014-0147 |
24799 | qemu<2.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2014-0144 | | 24799 | qemu<2.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2014-0144 |
24800 | qemu<7.2.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-3165 | | 24800 | qemu<7.2.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-3165 |
24801 | qemu<7.1.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-3872 | | 24801 | qemu<7.1.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-3872 |
24802 | qemu<7.2.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-4172 | | 24802 | qemu<7.2.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-4172 |
24803 | qemu<7.2.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-4144 | | 24803 | qemu<7.2.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-4144 |
24804 | png-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-4214 | | 24804 | #png-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-4214 # test program only, not installed |
24805 | pngcheck<3.0.3 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-35511 | | 24805 | pngcheck<3.0.3 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-35511 |
24806 | py{27,36,37,38,39,310,311}-matrix-nio<0.20 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-39254 | | 24806 | py{27,36,37,38,39,310,311}-matrix-nio<0.20 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-39254 |
24807 | py{27,36,37,38,39,310,311}-octoprint<1.9.0 security-restrictions-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-2822 | | 24807 | py{27,36,37,38,39,310,311}-octoprint<1.9.0 security-restrictions-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-2822 |
24808 | python36<3.6.14 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-4189 | | 24808 | python36<3.6.14 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-4189 |
24809 | python37<3.7.11 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-4189 | | 24809 | python37<3.7.11 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-4189 |
24810 | python38<3.8.9 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-4189 | | 24810 | python38<3.8.9 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-4189 |
24811 | python39<3.9.3 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-4189 | | 24811 | python39<3.9.3 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-4189 |
24812 | python37<3.7.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-10735 | | 24812 | python37<3.7.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-10735 |
24813 | python38<3.8.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-10735 | | 24813 | python38<3.8.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-10735 |
24814 | python39<3.9.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-10735 | | 24814 | python39<3.9.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-10735 |
24815 | python310<3.10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-10735 | | 24815 | python310<3.10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-10735 |
24816 | python37<3.7.8 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-42919 | | 24816 | python37<3.7.8 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-42919 |
24817 | python38<3.8.4 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-42919 | | 24817 | python38<3.8.4 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-42919 |
| @@ -25514,27 +25514,27 @@ jhead<3.08 out-of-bounds-write https://n | | | @@ -25514,27 +25514,27 @@ jhead<3.08 out-of-bounds-write https://n |
25514 | jhead<3.04 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2020-28840 | | 25514 | jhead<3.04 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2020-28840 |
25515 | monit<5.31.0 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-26563 | | 25515 | monit<5.31.0 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-26563 |
25516 | tiff<4.5.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-4645 | | 25516 | tiff<4.5.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-4645 |
25517 | tiff<4.5.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-1916 | | 25517 | tiff<4.5.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2023-1916 |
25518 | vim<9.0.1367 divide-by-zero https://nvd.nist.gov/vuln/detail/CVE-2023-1127 | | 25518 | vim<9.0.1367 divide-by-zero https://nvd.nist.gov/vuln/detail/CVE-2023-1127 |
25519 | vim<9.0.1376 heap-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-1170 | | 25519 | vim<9.0.1376 heap-buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-1170 |
25520 | vim<9.0.1378 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-1175 | | 25520 | vim<9.0.1378 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-1175 |
25521 | vim<9.0.1392 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-1264 | | 25521 | vim<9.0.1392 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-1264 |
25522 | vim<9.0.1402 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-1355 | | 25522 | vim<9.0.1402 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-1355 |
25523 | vim<9.0.1499 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-2426 | | 25523 | vim<9.0.1499 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-2426 |
25524 | vim<9.0.1531 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-2609 | | 25524 | vim<9.0.1531 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2023-2609 |
25525 | vim<9.0.1532 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-2610 | | 25525 | vim<9.0.1532 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-2610 |
25526 | optipng-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-43907 | | 25526 | optipng-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-43907 |
25527 | png-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2022-3857 | | 25527 | #png-[0-9]* null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2022-3857 # false positive |
25528 | jpegoptim<1.5.3 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-27781 | | 25528 | jpegoptim<1.5.3 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-27781 |
25529 | phppgadmin<7.14.5 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-40619 | | 25529 | phppgadmin<7.14.5 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-40619 |
25530 | phppgadmin<7.7 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2023-5002 | | 25530 | phppgadmin<7.7 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2023-5002 |
25531 | phppgadmin<6.19 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2023-0241 | | 25531 | phppgadmin<6.19 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2023-0241 |
25532 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25363 | | 25532 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25363 |
25533 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25362 | | 25533 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25362 |
25534 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25361 | | 25534 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25361 |
25535 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25360 | | 25535 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25360 |
25536 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25358 | | 25536 | webkit-gtk<2.36.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-25358 |
25537 | libde265-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-47664 | | 25537 | libde265-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-47664 |
25538 | libcares<1.19.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-4904 | | 25538 | libcares<1.19.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-4904 |
25539 | webkit-gtk<2.26.0 memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2019-8720 | | 25539 | webkit-gtk<2.26.0 memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2019-8720 |
25540 | qemu>=7.2.0<7.2.3 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-0330 | | 25540 | qemu>=7.2.0<7.2.3 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2023-0330 |