Wed May 15 08:18:54 2024 UTC
doc: remove some vulns (for libav, not gst-*-libav), add upper bound


(wiz)
diff -r1.196 -r1.197 pkgsrc/doc/pkg-vulnerabilities

cvs diff -r1.196 -r1.197 pkgsrc/doc/pkg-vulnerabilities

--- pkgsrc/doc/pkg-vulnerabilities 2024/05/15 07:53:36 1.196
+++ pkgsrc/doc/pkg-vulnerabilities 2024/05/15 08:18:54 1.197
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.196 2024/05/15 07:53:36 wiz Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.197 2024/05/15 08:18:54 wiz Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -19148,27 +19148,27 @@ gpac<0.8.0 buffer-overflow https://n @@ -19148,27 +19148,27 @@ gpac<0.8.0 buffer-overflow https://n
19148gpac<0.8.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2019-20630 19148gpac<0.8.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2019-20630
19149gpac<0.8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2019-20631 19149gpac<0.8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2019-20631
19150gpac<0.8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2019-20632 19150gpac<0.8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2019-20632
19151gpac<0.8.0 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2019-20628 19151gpac<0.8.0 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2019-20628
19152mbedtls<2.6.15 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-10941 19152mbedtls<2.6.15 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-10941
19153py{27,36,37,38}-bleach<3.11 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-6802 19153py{27,36,37,38}-bleach<3.11 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-6802
19154py{27,36,37,38}-bleach<3.12 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-6816 19154py{27,36,37,38}-bleach<3.12 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-6816
19155patch-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2019-20633 19155patch-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2019-20633
19156php{56,72,73,74}-piwigo<2.10.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-9467 19156php{56,72,73,74}-piwigo<2.10.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-9467
19157jenkins<2.204.6 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-2160 19157jenkins<2.204.6 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-2160
19158jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2161 19158jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2161
19159jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2162 19159jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2162
19160jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2163 19160jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2163
19161gst-rtsp-server-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-6095 19161gst-rtsp-server<1.17.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-6095
19162netbeans-ide<11.3 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2019-17560 19162netbeans-ide<11.3 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2019-17560
19163netbeans-ide<11.3 man-in-the-middle https://nvd.nist.gov/vuln/detail/CVE-2019-17561 19163netbeans-ide<11.3 man-in-the-middle https://nvd.nist.gov/vuln/detail/CVE-2019-17561
19164pam-krb5<4.9 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-10595 19164pam-krb5<4.9 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-10595
19165php72-exif<7.2.29 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 19165php72-exif<7.2.29 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064
19166php73-exif<7.3.16 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 19166php73-exif<7.3.16 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064
19167php74-exif<7.4.4 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 19167php74-exif<7.4.4 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064
19168php>=7.3<7.3.16 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-7065 19168php>=7.3<7.3.16 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-7065
19169php>=7.4<7.4.4 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-7065 19169php>=7.4<7.4.4 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-7065
19170php>=7.2<7.2.29 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 19170php>=7.2<7.2.29 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066
19171php>=7.3<7.3.16 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 19171php>=7.3<7.3.16 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066
19172php>=7.4<7.4.4 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 19172php>=7.4<7.4.4 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066
19173#phpmyadmin-[0-9]* crlf-attack https://nvd.nist.gov/vuln/detail/CVE-2020-11441 Disputed, see https://github.com/phpmyadmin/phpmyadmin/issues/16056 19173#phpmyadmin-[0-9]* crlf-attack https://nvd.nist.gov/vuln/detail/CVE-2020-11441 Disputed, see https://github.com/phpmyadmin/phpmyadmin/issues/16056
19174elasticsearch<6.8.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2020-7009 19174elasticsearch<6.8.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2020-7009
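Review bot: The new bound on the gst-rtsp-server line (`gst-rtsp-server<1.17.1` for CVE-2020-6095) has no source given; the log message only says "add upper bound". With the old `gst-rtsp-server-[0-9]*` pattern every version matched, and after this change anything at 1.17.1 or later is no longer reported, so the entry is only as reliable as that version number. Please name the upstream release or advisory the 1.17.1 figure comes from in the log message so the bound can be checked later.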
@@ -21978,29 +21978,26 @@ tor>=0.4.6<0.4.6.7 verification-bypass h @@ -21978,29 +21978,26 @@ tor>=0.4.6<0.4.6.7 verification-bypass h
21978tor<0.4.5.10 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-38385 21978tor<0.4.5.10 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-38385
21979mc<4.8.27 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-36370 21979mc<4.8.27 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-36370
21980cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35634 21980cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35634
21981cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35633 21981cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35633
21982cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35635 21982cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35635
21983git-base<2.30.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2021-40330 21983git-base<2.30.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2021-40330
21984mosquitto-[0-9]* security-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-34434 21984mosquitto-[0-9]* security-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-34434
21985matrix-synapse<1.41.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-39164 21985matrix-synapse<1.41.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-39164
21986matrix-synapse<1.41.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-39163 21986matrix-synapse<1.41.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-39163
21987libssh<0.9.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3634 21987libssh<0.9.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3634
21988xmill-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2021-21811 21988xmill-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2021-21811
21989cyrus-imapd<2.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33582 21989cyrus-imapd<2.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33582
21990cyrus-imapd>=3.0<3.0.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33582 21990cyrus-imapd>=3.0<3.0.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33582
21991gst-plugins1-libav-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 
21992gst-plugins1-libav-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 
21993gst-plugins1-libav-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 
21994ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 21991ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778
21995ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 21992ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776
21996ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 21993ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775
21997ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 21994ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778
21998ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 21995ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776
21999ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 21996ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775
22000ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 21997ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778
22001ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 21998ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776
22002ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 21999ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775
22003ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 22000ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778
22004ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 22001ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776
22005ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 22002ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775
22006ffplay3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 22003ffplay3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778
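Review bot: The three `gst-plugins1-libav-[0-9]*` lines for CVE-2020-18778, CVE-2020-18776 and CVE-2020-18775 are deleted outright, while the file header says "NEVER remove entries from this file". If they were wrong because the CVEs apply to libav rather than gst-*-libav, as the log message says, consider keeping them commented out with a short reason, the way the disputed phpmyadmin entry for CVE-2020-11441 is kept as a `#phpmyadmin-[0-9]*` line followed by "Disputed, see ...". That keeps a record in the file of why the package is not listed for these CVEs.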