Sat Feb 24 15:00:58 2024 UTC (92d)
doc: add CVE-2024-25126

Add CVE-2024-25126 entries for www/ruby-rack2 and www/ruby-rack.


(taca)
diff -r1.136 -r1.137 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.136 -r1.137 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2024/02/23 12:59:46 1.136
+++ pkgsrc/doc/pkg-vulnerabilities 2024/02/24 15:00:58 1.137
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.136 2024/02/23 12:59:46 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.137 2024/02/24 15:00:58 taca Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25890,13 +25890,15 @@ bind>=9.18<9.18.24 denial-of-service htt @@ -25890,13 +25890,15 @@ bind>=9.18<9.18.24 denial-of-service htt
25890bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-4408 25890bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-4408
25891bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5517 25891bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5517
25892bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5679 25892bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5679
25893bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50387 25893bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50387
25894bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50868 25894bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50868
25895dnsmasq<2.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50387 25895dnsmasq<2.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50387
25896dnsmasq<2.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50868 25896dnsmasq<2.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50868
25897powerdns-recursor<4.8.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50387 25897powerdns-recursor<4.8.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50387
25898powerdns-recursor<4.8.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50868 25898powerdns-recursor<4.8.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50868
25899nss<3.98.0 information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-5388 25899nss<3.98.0 information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-5388
25900py{27,37,38,39,310,311,312}-dns<2.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-29483 25900py{27,37,38,39,310,311,312}-dns<2.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-29483
25901py{27,37,38,39,310,311,312}-cryptography<42.0.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2024-26130 25901py{27,37,38,39,310,311,312}-cryptography<42.0.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2024-26130
25902libcares<1.27.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-25629 25902libcares<1.27.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-25629
 25903ruby{27,30,31,32,33}-rack2>=2.0<2.2.8.1 denial-of-service https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
 25904ruby{27,30,31,32,33}-rack>=3.0<3.0.9.1 denial-of-service https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941
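
Review bot: the two added entries at the end of this hunk (ruby{27,30,31,32,33}-rack2 and ruby{27,30,31,32,33}-rack) carry only the discuss.rubyonrails.org announcement URL, so CVE-2024-25126, which the commit message names, appears nowhere in the file. The neighbouring dnsmasq, powerdns-recursor, nss and libcares entries use https://nvd.nist.gov/vuln/detail/CVE-... URLs, which lets anyone searching pkg-vulnerabilities by CVE id find the affected packages. Suggest pointing both entries at https://nvd.nist.gov/vuln/detail/CVE-2024-25126 once that record is available, or otherwise choosing a reference whose URL contains the CVE id. It is also worth confirming against the advisory that the lower bounds (>=2.0 for rack2, >=3.0 for rack) match the affected range, since nothing in the visible lines says why earlier versions are excluded.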