Thu Apr 25 15:14:49 2024 UTC
doc/pkg-vulnerabilities: add CVE-2024-27282

Add CVE-2024-27282 for ruby31-base, ruby32-base and ruby33.


(taca)
diff -r1.179 -r1.180 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.179 -r1.180 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2024/04/25 07:24:08 1.179
+++ pkgsrc/doc/pkg-vulnerabilities 2024/04/25 15:14:49 1.180
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.179 2024/04/25 07:24:08 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.180 2024/04/25 15:14:49 taca Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -25982,13 +25982,16 @@ p5-HTTP-Body<1.23 shell-escape https://n @@ -25982,13 +25982,16 @@ p5-HTTP-Body<1.23 shell-escape https://n
25982php>=8.1<8.1.28 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 25982php>=8.1<8.1.28 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
25983php>=8.1.11<8.1.28 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 25983php>=8.1.11<8.1.28 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
25984php>=8.1<8.1.28 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr 25984php>=8.1<8.1.28 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
25985php>=8.2<8.2.18 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 25985php>=8.2<8.2.18 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
25986php>=8.2<8.2.18 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 25986php>=8.2<8.2.18 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
25987php>=8.2<8.2.18 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr 25987php>=8.2<8.2.18 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
25988php>=8.3<8.3.5 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 25988php>=8.3<8.3.5 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7
25989php>=8.3<8.3.5 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 25989php>=8.3<8.3.5 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4
25990php>=8.3<8.3.5 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr 25990php>=8.3<8.3.5 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr
25991php>=7.4<8.0 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages 25991php>=7.4<8.0 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
25992php>=8.0<8.1 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages 25992php>=8.0<8.1 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
25993putty<0.81 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497 25993putty<0.81 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497
25994filezilla<3.67.0 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497 25994filezilla<3.67.0 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497
 25995ruby31-base>=3.1<3.1.5 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
 25996ruby32-base>=3.2<3.2.4 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
 25997ruby33>=3.3<3.3.1 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/
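
Review bot: The third added entry names the package ruby33, while the two entries above it use the -base suffix (ruby31-base, ruby32-base). The commit message uses the same three names, so this looks deliberate, but please confirm that ruby33 is the exact name of the package that ships the interpreter for that branch. A pattern that does not match the installed package name never fires in an audit, so a wrong name would hide this vulnerability silently. The version bounds themselves (>=3.1<3.1.5, >=3.2<3.2.4, >=3.3<3.3.1) are consistent with each other, and all three entries point at the same advisory URL.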