| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.153 2024/03/23 15:16:59 taca Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.154 2024/03/25 03:09:27 jnemeth Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25040,27 +25040,29 @@ postgresql-server>=10<10.21 arbitrary-co | | | @@ -25040,27 +25040,29 @@ postgresql-server>=10<10.21 arbitrary-co |
25040 | postgresql-server>=11<11.16 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 | | 25040 | postgresql-server>=11<11.16 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 |
25041 | postgresql-server>=12<12.11 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 | | 25041 | postgresql-server>=12<12.11 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 |
25042 | postgresql-server>=13<13.7 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 | | 25042 | postgresql-server>=13<13.7 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 |
25043 | postgresql-server>=14<14.3 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 | | 25043 | postgresql-server>=14<14.3 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 |
25044 | asterisk>=16<16.16.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 | | 25044 | asterisk>=16<16.16.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 |
25045 | asterisk>=17<17.9.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 | | 25045 | asterisk>=17<17.9.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 |
25046 | asterisk>=18<18.2.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 | | 25046 | asterisk>=18<18.2.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 |
25047 | asterisk>=16<16.16.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 | | 25047 | asterisk>=16<16.16.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 |
25048 | asterisk>=17<18.15.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 | | 25048 | asterisk>=17<18.15.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 |
25049 | asterisk>=19<19.7.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 | | 25049 | asterisk>=19<19.7.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 |
25050 | asterisk>=16<16.29.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 | | 25050 | asterisk>=16<16.29.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 |
25051 | asterisk>=18.14<18.15.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 | | 25051 | asterisk>=18.14<18.15.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 |
25052 | asterisk>=19.6<19.7.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 | | 25052 | asterisk>=19.6<19.7.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 |
25053 | asterisk-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-37325 | | 25053 | asterisk<16.28.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-37325 |
| | | 25054 | asterisk>=17<18.14.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-37325 |
| | | 25055 | asterisk>=19<19.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-37325 |
25054 | salt-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-33226 | | 25056 | salt-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-33226 |
25055 | xdg-utils-[0-9]* command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-4055 | | 25057 | xdg-utils-[0-9]* command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-4055 |
25056 | mysql-client>=8<8.0.29 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL | | 25058 | mysql-client>=8<8.0.29 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL |
25057 | openjdk8<1.8.346 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA | | 25059 | openjdk8<1.8.346 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA |
25058 | openjdk11<1.11.0.16.2 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA | | 25060 | openjdk11<1.11.0.16.2 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA |
25059 | openjdk17<1.17.0.4.2 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA | | 25061 | openjdk17<1.17.0.4.2 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA |
25060 | openjdk8<1.8.352 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA | | 25062 | openjdk8<1.8.352 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA |
25061 | openjdk11<1.11.0.18 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA | | 25063 | openjdk11<1.11.0.18 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA |
25062 | openjdk11<1.17.0.6 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA | | 25064 | openjdk11<1.17.0.6 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA |
25063 | nethack>=3.6.2<3.6.7 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-24809 | | 25065 | nethack>=3.6.2<3.6.7 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-24809 |
25064 | moodle<4.1.1 unauthorized-access https://nvd.nist.gov/vuln/detail/CVE-2023-23923 | | 25066 | moodle<4.1.1 unauthorized-access https://nvd.nist.gov/vuln/detail/CVE-2023-23923 |
25065 | moodle<4.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-23922 | | 25067 | moodle<4.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-23922 |
25066 | moodle<4.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-23921 | | 25068 | moodle<4.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-23921 |