Mon Apr 8 06:06:36 2024 UTC (70d)
doc: add some upper bounds


(wiz)
diff -r1.163 -r1.164 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.163 -r1.164 pkgsrc/doc/pkg-vulnerabilities (expand / switch to context diff)
--- pkgsrc/doc/pkg-vulnerabilities 2024/04/07 21:36:33 1.163
+++ pkgsrc/doc/pkg-vulnerabilities 2024/04/08 06:06:36 1.164
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.163 2024/04/07 21:36:33 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.164 2024/04/08 06:06:36 wiz Exp $
 #
 #FORMAT 1.0.0
 #
@@ -16636,7 +16636,7 @@
 cacti<1.2.0	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2018-20724
 cacti<1.2.0	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2018-20725
 cacti<1.2.0	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2018-20726
-cairo-[0-9]*	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2019-6461
+cairo<1.18.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2019-6461
 cairo<1.16.0nb8	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2019-6462
 py{27,34,35,36,37,38}-numpy-[0-9]*	arbitrary-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2019-6446
 php{56,70,71,72}-drupal>=7<7.62		unspecified			https://www.drupal.org/SA-CORE-2019-001
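Review bot: The new bound `cairo<1.18.0` for CVE-2019-6461 comes with no reference to the change that fixed it; neither the commit message nor the entry says which upstream release or pkgsrc patch closed the issue. Once the pattern goes from `cairo-[0-9]*` to a bounded one, every install at or above the bound is no longer reported by the audit, so a bound set too low would hide vulnerable packages. I would record the evidence next to the entry, for example `# CVE-2019-6461 fixed upstream in 1.18.0: <upstream commit or issue URL>`. The same applies to the `perl<5.38.0` bounds in the next hunk.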
@@ -25136,11 +25136,9 @@
 git-base<2.40.1	arbitrary-file-write	https://nvd.nist.gov/vuln/detail/CVE-2023-25652
 git-base<2.40.1	arbitrary-messages	https://nvd.nist.gov/vuln/detail/CVE-2023-25815
 git-base<2.40.1	configuration-misinterpretation	https://nvd.nist.gov/vuln/detail/CVE-2023-29007
-# CPAN up to and including 2.34
-perl-[0-9]*	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2023-31484
+perl<5.38.0	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2023-31484
 p5-GitLab-API-v4-[0-9]*	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2023-31485
-# HTTP::Tiny up to and including 0.082, part of perl
-perl-[0-9]*	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2023-31486
+perl<5.38.0	sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2023-31486
 py{36,37,38,39,310,311}-django>=3.2<3.2.19	input-validation	https://nvd.nist.gov/vuln/detail/CVE-2023-31047
 py{36,37,38,39,310,311}-django>=4.1<4.1.9	input-validation	https://nvd.nist.gov/vuln/detail/CVE-2023-31047
 py{36,37,38,39,310,311}-django>=4.2<4.2.1	input-validation	https://nvd.nist.gov/vuln/detail/CVE-2023-31047
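Review bot: Dropping the two comments removes the only statement of which bundled module each CVE is about; `perl<5.38.0` alone does not tell a reader that CVE-2023-31484 concerns CPAN and CVE-2023-31486 concerns HTTP::Tiny. I would keep them in shortened form, e.g. `# CPAN up to and including 2.34, bundled with perl` and `# HTTP::Tiny up to and including 0.082, bundled with perl`. If pkgsrc also packages either module separately from perl, those packages would presumably need their own entries bounded on the module version; that cannot be checked from this hunk.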
@@ -25441,8 +25439,10 @@
 wireshark-[0-9]*	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2023-4512
 wireshark<4.0.8	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2023-4511
 wireshark-[0-9]*	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2023-5371
-w3m-[0-9]*	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2023-38252
-w3m-[0-9]*	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2023-38253
+w3m<0.5.3.0.20230121nb4	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2023-38252
+w3m-img<0.5.3.0.20230121nb2	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2023-38252
+w3m<0.5.3.0.20230121nb4	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2023-38253
+w3m-img<0.5.3.0.20230121nb2	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2023-38253
 vsftpd-[0-9]*	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2021-30047
 vorbis-tools-[0-9]*	buffer-overflow	https://nvd.nist.gov/vuln/detail/CVE-2023-43361
 matrix-synapse<1.74.0	security-bypass	https://nvd.nist.gov/vuln/detail/CVE-2023-32323
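Review bot: The `w3m` and `w3m-img` entries use different revisions (`nb4` and `nb2`) for the same two CVEs, and nothing on the page shows that each bound is the revision where the fix landed in that package. The `nb` suffix suggests the fix came from a pkgsrc-side change rather than a new upstream version, so the bounds can only be confirmed against each package's own revision history. A short comment above the four lines would make that auditable, e.g. `# fixed by pkgsrc patch; w3m and w3m-img have separate PKGREVISIONs`.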