Sat Apr 27 06:10:27 2024 UTC
doc: add upper bounds for emacs vulns; remove very unspecific hiawatha

hiawatha entry from 2010, and URL doesn't exist any longer


(wiz)
diff -r1.180 -r1.181 pkgsrc/doc/pkg-vulnerabilities


--- pkgsrc/doc/pkg-vulnerabilities 2024/04/25 15:14:49 1.180
+++ pkgsrc/doc/pkg-vulnerabilities 2024/04/27 06:10:26 1.181
@@ -1,14 +1,14 @@ @@ -1,14 +1,14 @@
1# $NetBSD: pkg-vulnerabilities,v 1.180 2024/04/25 15:14:49 taca Exp $ 1# $NetBSD: pkg-vulnerabilities,v 1.181 2024/04/27 06:10:26 wiz Exp $
2# 2#
3#FORMAT 1.0.0 3#FORMAT 1.0.0
4# 4#
5# Please read "Handling packages with security problems" in the pkgsrc 5# Please read "Handling packages with security problems" in the pkgsrc
6# guide before editing this file. 6# guide before editing this file.
7# 7#
8# Note: NEVER remove entries from this file; this should document *all* 8# Note: NEVER remove entries from this file; this should document *all*
9# known package vulnerabilities so it is entirely appropriate to have 9# known package vulnerabilities so it is entirely appropriate to have
10# multiple entries in this file for a single package, and to contain 10# multiple entries in this file for a single package, and to contain
11# entries for packages which have been removed from pkgsrc. 11# entries for packages which have been removed from pkgsrc.
12# 12#
13# New entries should be added at the end of this file. 13# New entries should be added at the end of this file.
14# 14#
@@ -5162,27 +5162,26 @@ moodle<1.9.11 multiple-vulnerabilities  @@ -5162,27 +5162,26 @@ moodle<1.9.11 multiple-vulnerabilities
5162pango<1.28.3nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0064 5162pango<1.28.3nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0064
5163tor<0.2.1.30 denial-of-service http://secunia.com/advisories/43548/ 5163tor<0.2.1.30 denial-of-service http://secunia.com/advisories/43548/
5164firefox<3.6.14 multiple-vulnerabilities http://secunia.com/advisories/43550/ 5164firefox<3.6.14 multiple-vulnerabilities http://secunia.com/advisories/43550/
5165seamonkey<2.0.12 multiple-vulnerabilities http://secunia.com/advisories/43550/ 5165seamonkey<2.0.12 multiple-vulnerabilities http://secunia.com/advisories/43550/
5166thunderbird<3.1.8 multiple-vulnerabilities http://secunia.com/advisories/43586/ 5166thunderbird<3.1.8 multiple-vulnerabilities http://secunia.com/advisories/43586/
5167weechat<0.3.4 spoofing-attack http://secunia.com/advisories/43543/ 5167weechat<0.3.4 spoofing-attack http://secunia.com/advisories/43543/
5168ap{2,22}-subversion<1.6.16 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715 5168ap{2,22}-subversion<1.6.16 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715
5169moodle<1.9.10 multiple-vulnerabilities http://secunia.com/advisories/43427/ 5169moodle<1.9.10 multiple-vulnerabilities http://secunia.com/advisories/43427/
5170openafs<1.4.14 multiple-vulnerabilities http://secunia.com/advisories/43407/ 5170openafs<1.4.14 multiple-vulnerabilities http://secunia.com/advisories/43407/
5171py{24,25,26,27,31}-moin<1.9.3nb1 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1058 5171py{24,25,26,27,31}-moin<1.9.3nb1 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1058
5172postfix<2.7.3 command-injection http://www.kb.cert.org/vuls/id/555316 5172postfix<2.7.3 command-injection http://www.kb.cert.org/vuls/id/555316
5173postfix>=2.8.20100000<2.8.20110115 command-injection http://www.kb.cert.org/vuls/id/555316 5173postfix>=2.8.20100000<2.8.20110115 command-injection http://www.kb.cert.org/vuls/id/555316
5174TeXmacs-[0-9]* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394 5174TeXmacs-[0-9]* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394
5175hiawatha-[0-9]* multiple-vulnerabilities http://www.hiawatha-webserver.org/changelog 
5176patch<2.7 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651 5175patch<2.7 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651
5177tiff<3.9.4nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 5176tiff<3.9.4nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
5178suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5022 5177suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5022
5179suse{,32}_libtiff<11.3nb1 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087 5178suse{,32}_libtiff<11.3nb1 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087
5180suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 5179suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192
5181suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167 5180suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167
5182xulrunner<1.9.2.15 multiple-vulnerabilities http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14 5181xulrunner<1.9.2.15 multiple-vulnerabilities http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14
5183apache-tomcat>=6<6.0.32 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534 5182apache-tomcat>=6<6.0.32 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534
5184unixodbc<2.3.0nb1 remote-system-access http://secunia.com/advisories/43679/ 5183unixodbc<2.3.0nb1 remote-system-access http://secunia.com/advisories/43679/
5185webkit-gtk<1.2.7 multiple-vulnerabilities http://gitorious.org/webkitgtk/stable/blobs/master/WebKit/gtk/NEWS 5184webkit-gtk<1.2.7 multiple-vulnerabilities http://gitorious.org/webkitgtk/stable/blobs/master/WebKit/gtk/NEWS
5186sun-{jre,jdk}6<6.0.24 multiple-vulnerabilities http://secunia.com/advisories/43262/ 5185sun-{jre,jdk}6<6.0.24 multiple-vulnerabilities http://secunia.com/advisories/43262/
5187nagios-base<3.3.1 cross-site-scripting http://secunia.com/advisories/43287/ 5186nagios-base<3.3.1 cross-site-scripting http://secunia.com/advisories/43287/
5188libpurple<2.7.11 denial-of-service http://secunia.com/advisories/43695/ 5187libpurple<2.7.11 denial-of-service http://secunia.com/advisories/43695/
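Review bot: deleting the `hiawatha-[0-9]*` line (old line 5175) conflicts with the file's own header rule, visible in the first hunk: "NEVER remove entries from this file; this should document *all* known package vulnerabilities", which explicitly covers packages that are no longer in pkgsrc. If the entry is too unspecific and its changelog URL is dead, consider correcting it in place (a reference that still resolves, or a version bound once the fixed release is identified) rather than dropping it, or state in the commit message why the header rule does not apply to this entry.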
@@ -25089,29 +25088,29 @@ xenkernel413-[0-9]* memory-leak https:// @@ -25089,29 +25088,29 @@ xenkernel413-[0-9]* memory-leak https://
25089xenkernel413-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-33748 25088xenkernel413-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-33748
25090xenkernel415-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-33748 25089xenkernel415-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-33748
25091xenkernel413-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33747 25090xenkernel413-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33747
25092xenkernel415-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33747 25091xenkernel415-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33747
25093xenkernel413-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33746 25092xenkernel413-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33746
25094xenkernel415-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33746 25093xenkernel415-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33746
25095epiphany-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-26081 25094epiphany-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-26081
25096afl++-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26266 25095afl++-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26266
25097glusterfs-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-26253 25096glusterfs-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-26253
25098knot<5.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-26249 25097knot<5.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-26249
25099jd-gui-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-26235 25098jd-gui-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-26235
25100jd-gui-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2023-26234 25099jd-gui-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2023-26234
25101glusterfs-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-48340 25100glusterfs-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-48340
25102emacs-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48339 25101emacs<29.1 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48339
25103emacs-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48338 25102emacs<29.1 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48338
25104emacs-[0-9]* shell-command-injection https://nvd.nist.gov/vuln/detail/CVE-2022-48337 25103emacs<29.1 shell-command-injection https://nvd.nist.gov/vuln/detail/CVE-2022-48337
25105zoneminder<1.36.33 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26039 25104zoneminder<1.36.33 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26039
25106zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26038 25105zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26038
25107zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26037 25106zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26037
25108zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26036 25107zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26036
25109zoneminder<1.36.33 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-26035 25108zoneminder<1.36.33 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-26035
25110zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26034 25109zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26034
25111zoneminder<1.36.33 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-25825 25110zoneminder<1.36.33 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-25825
25112zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26032 25111zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26032
25113curl>=7.57<7.88 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-23915 25112curl>=7.57<7.88 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-23915
25114curl>=7.57<7.88 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-23914 25113curl>=7.57<7.88 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-23914
25115freeimage-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33367 25114freeimage-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33367
25116mantis<2.25.6 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-22476 25115mantis<2.25.6 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-22476
25117libheif<1.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-0996 25116libheif<1.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-0996
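Review bot: the three emacs entries (CVE-2022-48337, CVE-2022-48338, CVE-2022-48339) move from `emacs-[0-9]*` to `emacs<29.1`, but neither the commit message nor the entries say where the 29.1 bound comes from. An upper bound set below the real fixed version stops flagging installs that are still vulnerable, so please name the source of the fixed version (upstream release notes or the fixing commit) in the commit message. It is also worth confirming whether any packaged emacs below 29.1 carries a backported fix, in which case an `nb` revision bound like the ones used elsewhere in this file (for example `tiff<3.9.4nb2`) would be the more accurate pattern.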