| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.136 2024/02/23 12:59:46 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.137 2024/02/24 15:00:58 taca Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25890,13 +25890,15 @@ bind>=9.18<9.18.24 denial-of-service htt | | | @@ -25890,13 +25890,15 @@ bind>=9.18<9.18.24 denial-of-service htt |
25890 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-4408 | | 25890 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-4408 |
25891 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5517 | | 25891 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5517 |
25892 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5679 | | 25892 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-5679 |
25893 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50387 | | 25893 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50387 |
25894 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50868 | | 25894 | bind>=9.16<9.16.48 denial-of-service https://kb.isc.org/docs/cve-2023-50868 |
25895 | dnsmasq<2.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50387 | | 25895 | dnsmasq<2.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50387 |
25896 | dnsmasq<2.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50868 | | 25896 | dnsmasq<2.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50868 |
25897 | powerdns-recursor<4.8.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50387 | | 25897 | powerdns-recursor<4.8.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50387 |
25898 | powerdns-recursor<4.8.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50868 | | 25898 | powerdns-recursor<4.8.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-50868 |
25899 | nss<3.98.0 information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-5388 | | 25899 | nss<3.98.0 information-leak https://nvd.nist.gov/vuln/detail/CVE-2023-5388 |
25900 | py{27,37,38,39,310,311,312}-dns<2.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-29483 | | 25900 | py{27,37,38,39,310,311,312}-dns<2.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-29483 |
25901 | py{27,37,38,39,310,311,312}-cryptography<42.0.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2024-26130 | | 25901 | py{27,37,38,39,310,311,312}-cryptography<42.0.4 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2024-26130 |
25902 | libcares<1.27.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-25629 | | 25902 | libcares<1.27.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-25629 |
| | | 25903 | ruby{27,30,31,32,33}-rack2>=2.0<2.2.8.1 denial-of-service https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 |
| | | 25904 | ruby{27,30,31,32,33}-rack>=3.0<3.0.9.1 denial-of-service https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941 |