| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.196 2024/05/15 07:53:36 wiz Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.197 2024/05/15 08:18:54 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -19148,27 +19148,27 @@ gpac<0.8.0 buffer-overflow https://n | | | @@ -19148,27 +19148,27 @@ gpac<0.8.0 buffer-overflow https://n |
19148 | gpac<0.8.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2019-20630 | | 19148 | gpac<0.8.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2019-20630 |
19149 | gpac<0.8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2019-20631 | | 19149 | gpac<0.8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2019-20631 |
19150 | gpac<0.8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2019-20632 | | 19150 | gpac<0.8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2019-20632 |
19151 | gpac<0.8.0 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2019-20628 | | 19151 | gpac<0.8.0 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2019-20628 |
19152 | mbedtls<2.6.15 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-10941 | | 19152 | mbedtls<2.6.15 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-10941 |
19153 | py{27,36,37,38}-bleach<3.11 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-6802 | | 19153 | py{27,36,37,38}-bleach<3.11 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-6802 |
19154 | py{27,36,37,38}-bleach<3.12 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-6816 | | 19154 | py{27,36,37,38}-bleach<3.12 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-6816 |
19155 | patch-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2019-20633 | | 19155 | patch-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2019-20633 |
19156 | php{56,72,73,74}-piwigo<2.10.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-9467 | | 19156 | php{56,72,73,74}-piwigo<2.10.2 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-9467 |
19157 | jenkins<2.204.6 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-2160 | | 19157 | jenkins<2.204.6 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-2160 |
19158 | jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2161 | | 19158 | jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2161 |
19159 | jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2162 | | 19159 | jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2162 |
19160 | jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2163 | | 19160 | jenkins<2.204.6 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2020-2163 |
19161 | gst-rtsp-server-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-6095 | | 19161 | gst-rtsp-server<1.17.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-6095 |
19162 | netbeans-ide<11.3 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2019-17560 | | 19162 | netbeans-ide<11.3 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2019-17560 |
19163 | netbeans-ide<11.3 man-in-the-middle https://nvd.nist.gov/vuln/detail/CVE-2019-17561 | | 19163 | netbeans-ide<11.3 man-in-the-middle https://nvd.nist.gov/vuln/detail/CVE-2019-17561 |
19164 | pam-krb5<4.9 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-10595 | | 19164 | pam-krb5<4.9 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-10595 |
19165 | php72-exif<7.2.29 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 | | 19165 | php72-exif<7.2.29 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 |
19166 | php73-exif<7.3.16 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 | | 19166 | php73-exif<7.3.16 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 |
19167 | php74-exif<7.4.4 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 | | 19167 | php74-exif<7.4.4 uninitialized-memory-read https://nvd.nist.gov/vuln/detail/CVE-2020-7064 |
19168 | php>=7.3<7.3.16 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-7065 | | 19168 | php>=7.3<7.3.16 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-7065 |
19169 | php>=7.4<7.4.4 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-7065 | | 19169 | php>=7.4<7.4.4 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2020-7065 |
19170 | php>=7.2<7.2.29 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 | | 19170 | php>=7.2<7.2.29 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 |
19171 | php>=7.3<7.3.16 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 | | 19171 | php>=7.3<7.3.16 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 |
19172 | php>=7.4<7.4.4 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 | | 19172 | php>=7.4<7.4.4 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2020-7066 |
19173 | #phpmyadmin-[0-9]* crlf-attack https://nvd.nist.gov/vuln/detail/CVE-2020-11441 Disputed, see https://github.com/phpmyadmin/phpmyadmin/issues/16056 | | 19173 | #phpmyadmin-[0-9]* crlf-attack https://nvd.nist.gov/vuln/detail/CVE-2020-11441 Disputed, see https://github.com/phpmyadmin/phpmyadmin/issues/16056 |
19174 | elasticsearch<6.8.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2020-7009 | | 19174 | elasticsearch<6.8.8 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2020-7009 |
| @@ -21978,29 +21978,26 @@ tor>=0.4.6<0.4.6.7 verification-bypass h | | | @@ -21978,29 +21978,26 @@ tor>=0.4.6<0.4.6.7 verification-bypass h |
21978 | tor<0.4.5.10 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-38385 | | 21978 | tor<0.4.5.10 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-38385 |
21979 | mc<4.8.27 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-36370 | | 21979 | mc<4.8.27 verification-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-36370 |
21980 | cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35634 | | 21980 | cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35634 |
21981 | cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35633 | | 21981 | cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35633 |
21982 | cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35635 | | 21982 | cgal-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2020-35635 |
21983 | git-base<2.30.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2021-40330 | | 21983 | git-base<2.30.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2021-40330 |
21984 | mosquitto-[0-9]* security-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-34434 | | 21984 | mosquitto-[0-9]* security-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-34434 |
21985 | matrix-synapse<1.41.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-39164 | | 21985 | matrix-synapse<1.41.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-39164 |
21986 | matrix-synapse<1.41.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-39163 | | 21986 | matrix-synapse<1.41.1 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-39163 |
21987 | libssh<0.9.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3634 | | 21987 | libssh<0.9.6 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2021-3634 |
21988 | xmill-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2021-21811 | | 21988 | xmill-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2021-21811 |
21989 | cyrus-imapd<2.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33582 | | 21989 | cyrus-imapd<2.4.23 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33582 |
21990 | cyrus-imapd>=3.0<3.0.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33582 | | 21990 | cyrus-imapd>=3.0<3.0.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33582 |
21991 | gst-plugins1-libav-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 | | | |
21992 | gst-plugins1-libav-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 | | | |
21993 | gst-plugins1-libav-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 | | | |
21994 | ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 | | 21991 | ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 |
21995 | ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 | | 21992 | ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 |
21996 | ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 | | 21993 | ffmpeg2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 |
21997 | ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 | | 21994 | ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 |
21998 | ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 | | 21995 | ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 |
21999 | ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 | | 21996 | ffmpeg3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 |
22000 | ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 | | 21997 | ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 |
22001 | ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 | | 21998 | ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 |
22002 | ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 | | 21999 | ffmpeg4-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 |
22003 | ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 | | 22000 | ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 |
22004 | ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 | | 22001 | ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18776 |
22005 | ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 | | 22002 | ffplay2-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18775 |
22006 | ffplay3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 | | 22003 | ffplay3-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-18778 |