Mon Mar 25 03:09:27 2024 UTC (59d)
limit scope of CVE-2022-37325 for Asterisk


(jnemeth)
diff -r1.153 -r1.154 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.153 -r1.154 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2024/03/23 15:16:59 1.153
+++ pkgsrc/doc/pkg-vulnerabilities 2024/03/25 03:09:27 1.154
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.153 2024/03/23 15:16:59 taca Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.154 2024/03/25 03:09:27 jnemeth Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25040,27 +25040,29 @@ postgresql-server>=10<10.21 arbitrary-co @@ -25040,27 +25040,29 @@ postgresql-server>=10<10.21 arbitrary-co
25040postgresql-server>=11<11.16 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 25040postgresql-server>=11<11.16 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552
25041postgresql-server>=12<12.11 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 25041postgresql-server>=12<12.11 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552
25042postgresql-server>=13<13.7 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 25042postgresql-server>=13<13.7 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552
25043postgresql-server>=14<14.3 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552 25043postgresql-server>=14<14.3 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-1552
25044asterisk>=16<16.16.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 25044asterisk>=16<16.16.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837
25045asterisk>=17<17.9.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 25045asterisk>=17<17.9.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837
25046asterisk>=18<18.2.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837 25046asterisk>=18<18.2.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46837
25047asterisk>=16<16.16.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 25047asterisk>=16<16.16.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706
25048asterisk>=17<18.15.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 25048asterisk>=17<18.15.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706
25049asterisk>=19<19.7.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706 25049asterisk>=19<19.7.1 local-file-read https://nvd.nist.gov/vuln/detail/CVE-2022-42706
25050asterisk>=16<16.29.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 25050asterisk>=16<16.29.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705
25051asterisk>=18.14<18.15.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 25051asterisk>=18.14<18.15.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705
25052asterisk>=19.6<19.7.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705 25052asterisk>=19.6<19.7.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-42705
25053asterisk-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-37325 25053asterisk<16.28.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-37325
 25054asterisk>=17<18.14.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-37325
 25055asterisk>=19<19.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-37325
25054salt-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-33226 25056salt-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-33226
25055xdg-utils-[0-9]* command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-4055 25057xdg-utils-[0-9]* command-execution https://nvd.nist.gov/vuln/detail/CVE-2022-4055
25056mysql-client>=8<8.0.29 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL 25058mysql-client>=8<8.0.29 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujul2022.html#AppendixMSQL
25057openjdk8<1.8.346 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA 25059openjdk8<1.8.346 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA
25058openjdk11<1.11.0.16.2 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA 25060openjdk11<1.11.0.16.2 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA
25059openjdk17<1.17.0.4.2 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA 25061openjdk17<1.17.0.4.2 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpuoct2022.html#AppendixJAVA
25060openjdk8<1.8.352 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA 25062openjdk8<1.8.352 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA
25061openjdk11<1.11.0.18 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA 25063openjdk11<1.11.0.18 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA
25062openjdk11<1.17.0.6 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA 25064openjdk11<1.17.0.6 multiple-vulnerabilities https://www.oracle.com/security-alerts/cpujan2023.html#AppendixJAVA
25063nethack>=3.6.2<3.6.7 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-24809 25065nethack>=3.6.2<3.6.7 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-24809
25064moodle<4.1.1 unauthorized-access https://nvd.nist.gov/vuln/detail/CVE-2023-23923 25066moodle<4.1.1 unauthorized-access https://nvd.nist.gov/vuln/detail/CVE-2023-23923
25065moodle<4.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-23922 25067moodle<4.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-23922
25066moodle<4.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-23921 25068moodle<4.1.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-23921
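
Review bot: the log message gives no source for the fixed versions used in the three replacement asterisk lines at 25053-25055 on the new side (16.28.0, 18.14.0 and 19.6.0), and the only reference on each line is still the NVD URL. The old pattern asterisk-[0-9]* matched every version, so after this narrowing 16.28.0 and later on the 16 branch, 18.14.0 and later on 18, 19.6.0 and later on 19, and everything from 20 up are no longer reported; the log should name the upstream advisory that states those fixed releases. The first line, asterisk<16.28.0, has no lower bound, unlike the neighbouring asterisk>=16<... entries; if matching all releases older than 16 is intended, say so. The two added lines also sit mid-file while the file header asks that new entries be added at the end; keeping them beside the entry they split is reasonable, but a word on that in the log would help.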