| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.167 2024/04/10 07:27:00 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.168 2024/04/10 19:49:30 nia Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -22733,29 +22733,35 @@ gpac-[0-9]* denial-of-service https://nv | | | @@ -22733,29 +22733,35 @@ gpac-[0-9]* denial-of-service https://nv |
22733 | gpac-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46311 | | 22733 | gpac-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46311 |
22734 | gpac-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46313 | | 22734 | gpac-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46313 |
22735 | grafana<8.3.4 input-validation https://nvd.nist.gov/vuln/detail/CVE-2022-21673 | | 22735 | grafana<8.3.4 input-validation https://nvd.nist.gov/vuln/detail/CVE-2022-21673 |
22736 | hdf5-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2021-46242 | | 22736 | hdf5-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2021-46242 |
22737 | hdf5-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46243 | | 22737 | hdf5-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46243 |
22738 | hdf5-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46244 | | 22738 | hdf5-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46244 |
22739 | ldns<1.8.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-19860 | | 22739 | ldns<1.8.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-19860 |
22740 | ldns<1.8.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-19861 | | 22740 | ldns<1.8.0 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-19861 |
22741 | librecad-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-45341 | | 22741 | librecad-[0-9]* remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-45341 |
22742 | librecad-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-45342 | | 22742 | librecad-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-45342 |
22743 | librecad-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-45343 | | 22743 | librecad-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-45343 |
22744 | libsixel-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-45340 | | 22744 | libsixel-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-45340 |
22745 | libspf2<1.2.11 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-33912 | | 22745 | libspf2<1.2.11 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2021-33912 |
22746 | mariadb-server<10.6.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46657 | | 22746 | mariadb-server>=10.4<10.4.20 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46657 |
22747 | mariadb-server<10.6.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46658 | | 22747 | mariadb-server>=10.5<10.5.11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46657 |
22748 | mariadb-server<10.7.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46659 | | 22748 | mariadb-server>=10.6<10.6.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46657 |
| | | 22749 | mariadb-server>=10.4<10.4.21 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46658 |
| | | 22750 | mariadb-server>=10.5<10.5.12 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46658 |
| | | 22751 | mariadb-server>=10.6<10.6.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46658 |
| | | 22752 | mariadb-server>=10.4<10.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46659 |
| | | 22753 | mariadb-server>=10.5<10.5.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46659 |
| | | 22754 | mariadb-server>=10.6<10.6.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-46659 |
22749 | moodle<3.11.5 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2022-0332 | | 22755 | moodle<3.11.5 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2022-0332 |
22750 | moodle<3.11.5 invalid-validation https://nvd.nist.gov/vuln/detail/CVE-2022-0333 | | 22756 | moodle<3.11.5 invalid-validation https://nvd.nist.gov/vuln/detail/CVE-2022-0333 |
22751 | moodle<3.11.5 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-0334 | | 22757 | moodle<3.11.5 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-0334 |
22752 | moodle<3.11.5 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2022-0335 | | 22758 | moodle<3.11.5 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2022-0335 |
22753 | py{36,37,38,39,310}-wagtail<2.15.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-21683 | | 22759 | py{36,37,38,39,310}-wagtail<2.15.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-21683 |
22754 | vim<8.2.4120 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-0261 | | 22760 | vim<8.2.4120 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-0261 |
22755 | wolfssl>=5<5.1.1 side-channel https://nvd.nist.gov/vuln/detail/CVE-2022-23408 | | 22761 | wolfssl>=5<5.1.1 side-channel https://nvd.nist.gov/vuln/detail/CVE-2022-23408 |
22756 | py{36,37,38,39,310}-loguru<0.6.0 remote-code-injection https://nvd.nist.gov/vuln/detail/CVE-2022-0329 | | 22762 | py{36,37,38,39,310}-loguru<0.6.0 remote-code-injection https://nvd.nist.gov/vuln/detail/CVE-2022-0329 |
22757 | vim<8.2.4151 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-0318 | | 22763 | vim<8.2.4151 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-0318 |
22758 | php{56,70,71,72,73,74,80}-phpmyadmin<4.9.8 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-23807 | | 22764 | php{56,70,71,72,73,74,80}-phpmyadmin<4.9.8 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-23807 |
22759 | xerces-j<2.12.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-23437 | | 22765 | xerces-j<2.12.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-23437 |
22760 | vim<8.2.4206 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-0351 | | 22766 | vim<8.2.4206 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-0351 |
22761 | vim<8.2.4217 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-0368 | | 22767 | vim<8.2.4217 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2022-0368 |
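Review bot: In the CVE-2021-46659 rows (new lines 22752-22754) the highest range is now `mariadb-server>=10.6<10.6.6`, whereas the replaced pattern `mariadb-server<10.7.2` also matched 10.7.0 and 10.7.1, so a 10.7 install below 10.7.2 is no longer flagged by the audit. If the 10.7 branch is affected, add a `mariadb-server>=10.7<10.7.2` row for that CVE; if it is not, say so in the commit message. The same question applies at the low end of all nine new rows: each range starts at `>=10.4`, while the old `<10.6.2`, `<10.6.3` and `<10.7.2` patterns matched every version older than 10.4 as well, so those older versions silently drop out of the results. Confirm that is intended or keep a pattern that still covers them.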
| @@ -23543,30 +23549,38 @@ libdwarf<0.4.1 denial-of-service https:/ | | | @@ -23543,30 +23549,38 @@ libdwarf<0.4.1 denial-of-service https:/ |
23543 | libjpeg-turbo<2.1.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-46822 | | 23549 | libjpeg-turbo<2.1.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-46822 |
23544 | libntfs<2022.5.17 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30783 | | 23550 | libntfs<2022.5.17 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30783 |
23545 | libntfs<2022.5.17 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30784 | | 23551 | libntfs<2022.5.17 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30784 |
23546 | libntfs<2022.5.17 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-30785 | | 23552 | libntfs<2022.5.17 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-30785 |
23547 | libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30786 | | 23553 | libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30786 |
23548 | libntfs<2022.5.17 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-30787 | | 23554 | libntfs<2022.5.17 arbitrary-memory-access https://nvd.nist.gov/vuln/detail/CVE-2022-30787 |
23549 | libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30788 | | 23555 | libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30788 |
23550 | libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30789 | | 23556 | libntfs<2022.5.17 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-30789 |
23551 | libredwg-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-33034 | | 23557 | libredwg-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-33034 |
23552 | libxml2<2.9.14 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-29824 | | 23558 | libxml2<2.9.14 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2022-29824 |
23553 | lighttpd<1.4.59 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30780 | | 23559 | lighttpd<1.4.59 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30780 |
23554 | lrzip-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33067 | | 23560 | lrzip-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33067 |
23555 | mantis<2.25.5 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-33910 | | 23561 | mantis<2.25.5 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-33910 |
23556 | mariadb-server<10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31621 | | 23562 | mariadb-server>=10.4<10.4.22 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31621 |
23557 | mariadb-server<10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31622 | | 23563 | mariadb-server>=10.5<10.5.13 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31621 |
23558 | mariadb-server<10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31623 | | 23564 | mariadb-server>=10.6<10.6.5 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31621 |
23559 | mariadb-server<10.7 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31624 | | 23565 | mariadb-server>=10.4<10.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31622 |
| | | 23566 | mariadb-server>=10.5<10.5.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31622 |
| | | 23567 | mariadb-server>=10.6<10.6.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31622 |
| | | 23568 | mariadb-server>=10.4<10.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31623 |
| | | 23569 | mariadb-server>=10.5<10.5.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31623 |
| | | 23570 | mariadb-server>=10.6<10.6.66 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31623 |
| | | 23571 | mariadb-server>=10.4<10.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31624 |
| | | 23572 | mariadb-server>=10.5<10.5.14 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31624 |
| | | 23573 | mariadb-server>=10.6<10.6.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31624 |
23560 | matio<1.5.22 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-1515 | | 23574 | matio<1.5.22 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-1515 |
23561 | moodle<4.0.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-30596 | | 23575 | moodle<4.0.1 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2022-30596 |
23562 | moodle<4.0.1 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30597 | | 23576 | moodle<4.0.1 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30597 |
23563 | moodle<4.0.1 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30598 | | 23577 | moodle<4.0.1 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2022-30598 |
23564 | moodle<4.0.1 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-30600 | | 23578 | moodle<4.0.1 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2022-30600 |
23565 | mupdf<1.3.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30974 | | 23579 | mupdf<1.3.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30974 |
23566 | mupdf<1.3.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2022-30975 | | 23580 | mupdf<1.3.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2022-30975 |
23567 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29779 | | 23581 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29779 |
23568 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29780 | | 23582 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-29780 |
23569 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30503 | | 23583 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-30503 |
23570 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31306 | | 23584 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31306 |
23571 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31307 | | 23585 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-31307 |
23572 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-32414 | | 23586 | njs<0.7.4 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-32414 |
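Review bot: New line 23570 has `mariadb-server>=10.6<10.6.66` for CVE-2022-31623, while the 10.6 rows for CVE-2022-31622 and CVE-2022-31624 in this hunk use `<10.6.6` next to the same 10.4.23 and 10.5.14 bounds. `10.6.66` looks like a typo, and as written it would keep flagging every 10.6 release below 10.6.66 as vulnerable; suggest `mariadb-server>=10.6<10.6.6` unless the advisory gives a different fixed version. Separately, the old `mariadb-server<10.7` patterns matched versions older than 10.4 and none of the new ranges do, so confirm that dropping those versions from the audit is intended.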