Fri May 3 06:00:23 2024 UTC (35d)

doc: add an upper bound for gnome-autoar


(wiz)

diff -r1.184 -r1.185 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2024/05/02 14:51:53 1.184
+++ pkgsrc/doc/pkg-vulnerabilities 2024/05/03 06:00:22 1.185

 @@ -1,14 +1,14 @@
-# $NetBSD: pkg-vulnerabilities,v 1.184 2024/05/02 14:51:53 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.185 2024/05/03 06:00:22 wiz Exp $
+#
 #FORMAT 1.0.0
+#
 # Please read "Handling packages with security problems" in the pkgsrc
 # guide before editing this file.
+#
 # Note: NEVER remove entries from this file; this should document *all*
 # known package vulnerabilities so it is entirely appropriate to have
 # multiple entries in this file for a single package, and to contain
 # entries for packages which have been removed from pkgsrc.
+#
 # New entries should be added at the end of this file.
+#
 @@ -20598,27 +20598,27 @@ go115<1.15.7		arbitrary-code-execution	h
 gst-plugins1-bad<1.16.3	arbitrary-code-execution	https://nvd.nist.gov/vuln/detail/CVE-2021-3185
 jasper<2.0.25		out-of-bounds-read		https://nvd.nist.gov/vuln/detail/CVE-2021-3272
 jenkins<2.263.2		arbitrary-file-reading		https://nvd.nist.gov/vuln/detail/CVE-2021-21615
 libgcrypt<1.9.1		buffer-overflow			https://nvd.nist.gov/vuln/detail/CVE-2021-3345
 mantis<2.24.4		sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2020-29603
 mantis<2.24.4		sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2020-29604
 mantis<2.24.4		sensitive-information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2020-29605
 ImageMagick<7.0.10.62	divide-by-zero			https://nvd.nist.gov/vuln/detail/CVE-2021-20176
 ImageMagick6<6.99.11.62	divide-by-zero			https://nvd.nist.gov/vuln/detail/CVE-2021-20176
 apache-cassandra<2.2.20		authentication-bypass	https://nvd.nist.gov/vuln/detail/CVE-2020-17516
 apache-cassandra>=3<3.11.24	authentication-bypass	https://nvd.nist.gov/vuln/detail/CVE-2020-17516
 bitcoin<0.19.0		command-injection	https://nvd.nist.gov/vuln/detail/CVE-2021-3401
 gitea<1.13.2		stack-overflow		https://nvd.nist.gov/vuln/detail/CVE-2021-3382
-gnome-autoar-[0-9]*	arbitrary-file-write	https://nvd.nist.gov/vuln/detail/CVE-2020-36241
+gnome-autoar<0.3.0	arbitrary-file-write	https://nvd.nist.gov/vuln/detail/CVE-2020-36241
 mit-krb5-appl-[0-9]*	arbitrary-file-write	https://nvd.nist.gov/vuln/detail/CVE-2019-25017
 mit-krb5-appl-[0-9]*	authorization-bypass	https://nvd.nist.gov/vuln/detail/CVE-2019-25018
 nim<1.2.6		crlf-attack			https://nvd.nist.gov/vuln/detail/CVE-2020-15690
 opendoas>=6.6<6.8.1	arbitrary-command-execution	https://nvd.nist.gov/vuln/detail/CVE-2019-25016
 openjpeg<2.4.0		heap-overflow			https://nvd.nist.gov/vuln/detail/CVE-2020-27814
 php{56,72,73,74}-nextcloud<20.0.2	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-8293
 php{56,72,73,74}-nextcloud<20.0.2	cross-site-scripting	https://nvd.nist.gov/vuln/detail/CVE-2020-8294
 php{56,72,73,74}-nextcloud<20.0.0	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-8295
 py{36,37,38,39}-django>=2.2<2.2.18	directory-traversal	https://nvd.nist.gov/vuln/detail/CVE-2021-3281
 py{36,37,38,39}-django>=3.1<3.1.6	directory-traversal	https://nvd.nist.gov/vuln/detail/CVE-2021-3281
 py{27,36,37,38,39}-jinja2<2.11.3	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2020-28493
 qemu<5.0.0	out-of-bounds-write	https://nvd.nist.gov/vuln/detail/CVE-2020-17380
 qemu<5.1.0	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2020-29443