| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.179 2024/04/25 07:24:08 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.180 2024/04/25 15:14:49 taca Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -25982,13 +25982,16 @@ p5-HTTP-Body<1.23 shell-escape https://n | | | @@ -25982,13 +25982,16 @@ p5-HTTP-Body<1.23 shell-escape https://n |
25982 | php>=8.1<8.1.28 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 | | 25982 | php>=8.1<8.1.28 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 |
25983 | php>=8.1.11<8.1.28 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 | | 25983 | php>=8.1.11<8.1.28 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 |
25984 | php>=8.1<8.1.28 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr | | 25984 | php>=8.1<8.1.28 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr |
25985 | php>=8.2<8.2.18 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 | | 25985 | php>=8.2<8.2.18 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 |
25986 | php>=8.2<8.2.18 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 | | 25986 | php>=8.2<8.2.18 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 |
25987 | php>=8.2<8.2.18 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr | | 25987 | php>=8.2<8.2.18 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr |
25988 | php>=8.3<8.3.5 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 | | 25988 | php>=8.3<8.3.5 command-injection https://github.com/php/php-src/security/advisories/GHSA-pc52-254m-w9w7 |
25989 | php>=8.3<8.3.5 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 | | 25989 | php>=8.3<8.3.5 security-bypass https://github.com/php/php-src/security/advisories/GHSA-wpj3-hf5j-x4v4 |
25990 | php>=8.3<8.3.5 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr | | 25990 | php>=8.3<8.3.5 authentication-bypass https://github.com/php/php-src/security/advisories/GHSA-h746-cjrr-wfmr |
25991 | php>=7.4<8.0 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages | | 25991 | php>=7.4<8.0 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages |
25992 | php>=8.0<8.1 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages | | 25992 | php>=8.0<8.1 eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages |
25993 | putty<0.81 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497 | | 25993 | putty<0.81 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497 |
25994 | filezilla<3.67.0 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497 | | 25994 | filezilla<3.67.0 secret-key-recovery https://nvd.nist.gov/vuln/detail/CVE-2024-31497 |
| | | 25995 | ruby31-base>=3.1<3.1.5 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ |
| | | 25996 | ruby32-base>=3.2<3.2.4 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ |
| | | 25997 | ruby33>=3.3<3.3.1 arbitrary-memory-read https://www.ruby-lang.org/en/news/2024/04/23/arbitrary-memory-address-read-regexp-cve-2024-27282/ |