Tue Feb 13 15:24:30 2024 UTC (103d)
doc/pkg-vulnerabilities: add bind916 security problems


(taca)
diff -r1.126 -r1.127 pkgsrc/doc/pkg-vulnerabilities
cvs diff -r1.126 -r1.127 pkgsrc/doc/pkg-vulnerabilities (expand / switch to unified diff)

--- pkgsrc/doc/pkg-vulnerabilities 2024/02/13 14:13:37 1.126
+++ pkgsrc/doc/pkg-vulnerabilities 2024/02/13 15:24:30 1.127
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.126 2024/02/13 14:13:37 taca Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.127 2024/02/13 15:24:30 taca Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25877,13 +25877,18 @@ libuv>=1.24.0<1.48 address-check-bypass  @@ -25877,13 +25877,18 @@ libuv>=1.24.0<1.48 address-check-bypass
25877postgresql-server>=12<12.18 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985 25877postgresql-server>=12<12.18 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985
25878postgresql-server>=13<13.14 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985 25878postgresql-server>=13<13.14 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985
25879postgresql-server>=14<14.11 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985 25879postgresql-server>=14<14.11 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985
25880postgresql-server>=15<15.6 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985 25880postgresql-server>=15<15.6 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985
25881postgresql-server>=16<16.2 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985 25881postgresql-server>=16<16.2 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985
25882asterisk-13.* eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages 25882asterisk-13.* eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
25883unbound<1.19.1 denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387 25883unbound<1.19.1 denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387
25884unbound<1.19.1 denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868 25884unbound<1.19.1 denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
25885bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-4408 25885bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-4408
25886bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-5517 25886bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-5517
25887bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-5679 25887bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-5679
25888bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-50387 25888bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-50387
25889bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-50868 25889bind>=9.18<9.18.24 denial-of-service https://kb.isc.org/docs/cve-2023-50868
 25890bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-4408
 25891bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5517
 25892bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5679
 25893bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50387
 25894bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50868