 @@ -1,14 +1,14 @@
-# $NetBSD: pkg-vulnerabilities,v 1.121 2024/02/09 20:31:43 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.122 2024/02/11 10:07:10 wiz Exp $
+#
 #FORMAT 1.0.0
+#
 # Please read "Handling packages with security problems" in the pkgsrc
 # guide before editing this file.
+#
 # Note: NEVER remove entries from this file; this should document *all*
 # known package vulnerabilities so it is entirely appropriate to have
 # multiple entries in this file for a single package, and to contain
 # entries for packages which have been removed from pkgsrc.
+#
 # New entries should be added at the end of this file.
+#
 @@ -24791,27 +24791,27 @@ rabbitmq>=3.9.0<3.9.18	denial-of-service
 rabbitmq>=3.10.0<3.10.2	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-31008
 qt5-qtbase-[0-9]*	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2021-3481
 qemu<7.1.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-14394
 qemu<7.1.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-0216
 qemu-[0-9]*	insecure-lock-files	https://nvd.nist.gov/vuln/detail/CVE-2021-3735
 qemu<6.2.1	privilege-escalation	https://nvd.nist.gov/vuln/detail/CVE-2022-0358
 qemu<2.0.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2014-0148
 qemu<1.6.2	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2014-0147
 qemu<2.0.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2014-0144
 qemu<7.2.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-3165
 qemu<7.1.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-3872
 qemu<7.2.0	buffer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2022-4172
 qemu<7.2.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-4144
-png-[0-9]*	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2021-4214
+#png-[0-9]*	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2021-4214 # test program only, not installed
 pngcheck<3.0.3	buffer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2020-35511
 py{27,36,37,38,39,310,311}-matrix-nio<0.20	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2022-39254
 py{27,36,37,38,39,310,311}-octoprint<1.9.0	security-restrictions-bypass	https://nvd.nist.gov/vuln/detail/CVE-2022-2822
 python36<3.6.14	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2021-4189
 python37<3.7.11	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2021-4189
 python38<3.8.9	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2021-4189
 python39<3.9.3	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2021-4189
 python37<3.7.14	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-10735
 python38<3.8.14	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-10735
 python39<3.9.14	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-10735
 python310<3.10.7	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-10735
 python37<3.7.8	arbitrary-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2022-42919
 python38<3.8.4	arbitrary-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2022-42919
 @@ -25514,27 +25514,27 @@ jhead<3.08	out-of-bounds-write	https://n
 jhead<3.04	arbitrary-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2020-28840
 monit<5.31.0	remote-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2022-26563
 tiff<4.5.0	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2022-4645
 tiff<4.5.1	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2023-1916
 vim<9.0.1367	divide-by-zero	https://nvd.nist.gov/vuln/detail/CVE-2023-1127
 vim<9.0.1376	heap-buffer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2023-1170
 vim<9.0.1378	buffer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2023-1175
 vim<9.0.1392	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2023-1264
 vim<9.0.1402	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2023-1355
 vim<9.0.1499	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2023-2426
 vim<9.0.1531	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2023-2609
 vim<9.0.1532	integer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2023-2610
 optipng-[0-9]*	buffer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2023-43907
-png-[0-9]*	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2022-3857
+#png-[0-9]*	null-pointer-dereference	https://nvd.nist.gov/vuln/detail/CVE-2022-3857 # false positive
 jpegoptim<1.5.3	heap-overflow	https://nvd.nist.gov/vuln/detail/CVE-2023-27781
 phppgadmin<7.14.5	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2023-40619
 phppgadmin<7.7	arbitrary-command-execution	https://nvd.nist.gov/vuln/detail/CVE-2023-5002
 phppgadmin<6.19	directory-traversal	https://nvd.nist.gov/vuln/detail/CVE-2023-0241
 webkit-gtk<2.36.8	remote-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2023-25363
 webkit-gtk<2.36.8	remote-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2023-25362
 webkit-gtk<2.36.8	remote-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2023-25361
 webkit-gtk<2.36.8	remote-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2023-25360
 webkit-gtk<2.36.8	remote-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2023-25358
 libde265-[0-9]*	buffer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2022-47664
 libcares<1.19.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2022-4904
 webkit-gtk<2.26.0	memory-corruption	https://nvd.nist.gov/vuln/detail/CVE-2019-8720
 qemu>=7.2.0<7.2.3	use-after-free	https://nvd.nist.gov/vuln/detail/CVE-2023-0330