Wed Apr 10 19:49:31 2024 UTC (45d)
Make MariaDB vulnerability version specifiers apply properly to the
versions we've included with pkgsrc.


(nia)
diff -r1.167 -r1.168 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.167 -r1.168 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2024/04/10 07:27:00 1.167
+++ pkgsrc/doc/pkg-vulnerabilities 2024/04/10 19:49:30 1.168
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.167 2024/04/10 07:27:00 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.168 2024/04/10 19:49:30 nia Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -22733,29 +22733,35 @@ gpac-[0-9]* denial-of-service https://nv @@ -22733,29 +22733,35 @@ gpac-[0-9]* denial-of-service https://nv
22733gpac-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46311 22733gpac-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46311
22734gpac-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46313 22734gpac-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46313
22735grafana<8.3.4 input-validation https://nvd.nist.gov/vuln/detail/CVE-2022-21673 22735grafana<8.3.4 input-validation https://nvd.nist.gov/vuln/detail/CVE-2022-21673
22736hdf5-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2021-46242 22736hdf5-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2021-46242
22737hdf5-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46243 22737hdf5-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46243
22738hdf5-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46244 22738hdf5-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46244
22739ldns<1.8.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-19860 22739ldns<1.8.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-19860
22740ldns<1.8.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-19861 22740ldns<1.8.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-19861
22741librecad-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-45341 22741librecad-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-45341
22742librecad-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-45342 22742librecad-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-45342
22743librecad-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-45343 22743librecad-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-45343
22744libsixel-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-45340 22744libsixel-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-45340
22745libspf2<1.2.11 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-33912 22745libspf2<1.2.11 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-33912
22746mariadb-server<10.6.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46657 22746mariadb-server>=10.4<10.4.20 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46657
22747mariadb-server<10.6.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46658 22747mariadb-server>=10.5<10.5.11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46657
22748mariadb-server<10.7.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46659 22748mariadb-server>=10.6<10.6.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46657
 22749mariadb-server>=10.4<10.4.21 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46658
 22750mariadb-server>=10.5<10.5.12 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46658
 22751mariadb-server>=10.6<10.6.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46658
 22752mariadb-server>=10.4<10.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46659
 22753mariadb-server>=10.5<10.5.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46659
 22754mariadb-server>=10.6<10.6.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46659
22749moodle<3.11.5 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2022-0332 22755moodle<3.11.5 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2022-0332
22750moodle<3.11.5 invalid-validation https://nvd.nist.gov/vuln/detail/CVE-2022-0333 22756moodle<3.11.5 invalid-validation https://nvd.nist.gov/vuln/detail/CVE-2022-0333
22751moodle<3.11.5 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-0334 22757moodle<3.11.5 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-0334
22752moodle<3.11.5 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2022-0335 22758moodle<3.11.5 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2022-0335
22753py{36,37,38,39,310}-wagtail<2.15.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-21683 22759py{36,37,38,39,310}-wagtail<2.15.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-21683
22754vim<8.2.4120 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-0261 22760vim<8.2.4120 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-0261
22755wolfssl>=5<5.1.1 side-channel https://nvd.nist.gov/vuln/detail/CVE-2022-23408 22761wolfssl>=5<5.1.1 side-channel https://nvd.nist.gov/vuln/detail/CVE-2022-23408
22756py{36,37,38,39,310}-loguru<0.6.0 remote-code-injection https://nvd.nist.gov/vuln/detail/CVE-2022-0329 22762py{36,37,38,39,310}-loguru<0.6.0 remote-code-injection https://nvd.nist.gov/vuln/detail/CVE-2022-0329
22757vim<8.2.4151 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-0318 22763vim<8.2.4151 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-0318
22758php{56,70,71,72,73,74,80}-phpmyadmin<4.9.8 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-23807 22764php{56,70,71,72,73,74,80}-phpmyadmin<4.9.8 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-23807
22759xerces-j<2.12.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-23437 22765xerces-j<2.12.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-23437
22760vim<8.2.4206 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-0351 22766vim<8.2.4206 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-0351
22761vim<8.2.4217 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-0368 22767vim<8.2.4217 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-0368
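Review bot: The `>=10.4` lower bound on every replacement entry (new lines 22746-22754) stops matching installs older than 10.4, which the old `mariadb-server<10.6.2`, `<10.6.3` and `<10.7.2` patterns did match. In the same way, 10.7.0 and 10.7.1 were covered by the old `<10.7.2` entry for CVE-2021-46659 and are covered by nothing now, since the highest new range is `>=10.6<10.6.6`. The file header says entries are never removed and that the file should still describe packages removed from pkgsrc, so either keep a per-CVE pattern for the older branches (for example `mariadb-server<10.4`) or state in the commit message that those branches are known to be unaffected.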
@@ -23543,30 +23549,38 @@ libdwarf<0.4.1 denial-of-service https:/ @@ -23543,30 +23549,38 @@ libdwarf<0.4.1 denial-of-service https:/
23543libjpeg-turbo<2.1.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-46822 23549libjpeg-turbo<2.1.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-46822
23544libntfs<2022.5.17 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30783 23550libntfs<2022.5.17 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30783
23545libntfs<2022.5.17 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30784 23551libntfs<2022.5.17 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30784
23546libntfs<2022.5.17 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-30785 23552libntfs<2022.5.17 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-30785
23547libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30786 23553libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30786
23548libntfs<2022.5.17 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-30787 23554libntfs<2022.5.17 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-30787
23549libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30788 23555libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30788
23550libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30789 23556libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30789
23551libredwg-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-33034 23557libredwg-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-33034
23552libxml2<2.9.14 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-29824 23558libxml2<2.9.14 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-29824
23553lighttpd<1.4.59 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30780 23559lighttpd<1.4.59 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30780
23554lrzip-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33067 23560lrzip-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33067
23555mantis<2.25.5 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-33910 23561mantis<2.25.5 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-33910
23556mariadb-server<10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31621 23562mariadb-server>=10.4<10.4.22 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31621
23557mariadb-server<10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31622 23563mariadb-server>=10.5<10.5.13 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31621
23558mariadb-server<10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31623 23564mariadb-server>=10.6<10.6.5 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31621
23559mariadb-server<10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31624 23565mariadb-server>=10.4<10.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31622
 23566mariadb-server>=10.5<10.5.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31622
 23567mariadb-server>=10.6<10.6.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31622
 23568mariadb-server>=10.4<10.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31623
 23569mariadb-server>=10.5<10.5.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31623
 23570mariadb-server>=10.6<10.6.66 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31623
 23571mariadb-server>=10.4<10.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31624
 23572mariadb-server>=10.5<10.5.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31624
 23573mariadb-server>=10.6<10.6.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31624
23560matio<1.5.22 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-1515 23574matio<1.5.22 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-1515
23561moodle<4.0.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-30596 23575moodle<4.0.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-30596
23562moodle<4.0.1 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30597 23576moodle<4.0.1 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30597
23563moodle<4.0.1 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30598 23577moodle<4.0.1 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30598
23564moodle<4.0.1 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-30600 23578moodle<4.0.1 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-30600
23565mupdf<1.3.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30974 23579mupdf<1.3.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30974
23566mupdf<1.3.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2022-30975 23580mupdf<1.3.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2022-30975
23567njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29779 23581njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29779
23568njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29780 23582njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29780
23569njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30503 23583njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30503
23570njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31306 23584njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31306
23571njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31307 23585njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31307
23572njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-32414 23586njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-32414
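Review bot: New line 23570 reads `mariadb-server>=10.6<10.6.66` for CVE-2022-31623, which looks like a typo for `<10.6.6`: the 10.6 entries for CVE-2022-31622 and CVE-2022-31624 directly above and below it use `>=10.6<10.6.6`, and the 10.4 and 10.5 bounds for all three CVEs are identical. As written, every 10.6.x release up to 10.6.65 would be flagged for this CVE. Separately, the four old entries were `mariadb-server<10.7`, so installs older than 10.4 were matched before and are not matched by any of the new `>=10.4` ranges; if that narrowing is intended, the commit message should say those versions are unaffected.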