| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | # $NetBSD: pkg-vulnerabilities,v 1.180 2024/04/25 15:14:49 taca Exp $ | | 1 | # $NetBSD: pkg-vulnerabilities,v 1.181 2024/04/27 06:10:26 wiz Exp $ |
2 | # | | 2 | # |
3 | #FORMAT 1.0.0 | | 3 | #FORMAT 1.0.0 |
4 | # | | 4 | # |
5 | # Please read "Handling packages with security problems" in the pkgsrc | | 5 | # Please read "Handling packages with security problems" in the pkgsrc |
6 | # guide before editing this file. | | 6 | # guide before editing this file. |
7 | # | | 7 | # |
8 | # Note: NEVER remove entries from this file; this should document *all* | | 8 | # Note: NEVER remove entries from this file; this should document *all* |
9 | # known package vulnerabilities so it is entirely appropriate to have | | 9 | # known package vulnerabilities so it is entirely appropriate to have |
10 | # multiple entries in this file for a single package, and to contain | | 10 | # multiple entries in this file for a single package, and to contain |
11 | # entries for packages which have been removed from pkgsrc. | | 11 | # entries for packages which have been removed from pkgsrc. |
12 | # | | 12 | # |
13 | # New entries should be added at the end of this file. | | 13 | # New entries should be added at the end of this file. |
14 | # | | 14 | # |
| @@ -5162,27 +5162,26 @@ moodle<1.9.11 multiple-vulnerabilities | | | @@ -5162,27 +5162,26 @@ moodle<1.9.11 multiple-vulnerabilities |
5162 | pango<1.28.3nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0064 | | 5162 | pango<1.28.3nb3 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0064 |
5163 | tor<0.2.1.30 denial-of-service http://secunia.com/advisories/43548/ | | 5163 | tor<0.2.1.30 denial-of-service http://secunia.com/advisories/43548/ |
5164 | firefox<3.6.14 multiple-vulnerabilities http://secunia.com/advisories/43550/ | | 5164 | firefox<3.6.14 multiple-vulnerabilities http://secunia.com/advisories/43550/ |
5165 | seamonkey<2.0.12 multiple-vulnerabilities http://secunia.com/advisories/43550/ | | 5165 | seamonkey<2.0.12 multiple-vulnerabilities http://secunia.com/advisories/43550/ |
5166 | thunderbird<3.1.8 multiple-vulnerabilities http://secunia.com/advisories/43586/ | | 5166 | thunderbird<3.1.8 multiple-vulnerabilities http://secunia.com/advisories/43586/ |
5167 | weechat<0.3.4 spoofing-attack http://secunia.com/advisories/43543/ | | 5167 | weechat<0.3.4 spoofing-attack http://secunia.com/advisories/43543/ |
5168 | ap{2,22}-subversion<1.6.16 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715 | | 5168 | ap{2,22}-subversion<1.6.16 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0715 |
5169 | moodle<1.9.10 multiple-vulnerabilities http://secunia.com/advisories/43427/ | | 5169 | moodle<1.9.10 multiple-vulnerabilities http://secunia.com/advisories/43427/ |
5170 | openafs<1.4.14 multiple-vulnerabilities http://secunia.com/advisories/43407/ | | 5170 | openafs<1.4.14 multiple-vulnerabilities http://secunia.com/advisories/43407/ |
5171 | py{24,25,26,27,31}-moin<1.9.3nb1 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1058 | | 5171 | py{24,25,26,27,31}-moin<1.9.3nb1 arbitrary-code-execution http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1058 |
5172 | postfix<2.7.3 command-injection http://www.kb.cert.org/vuls/id/555316 | | 5172 | postfix<2.7.3 command-injection http://www.kb.cert.org/vuls/id/555316 |
5173 | postfix>=2.8.20100000<2.8.20110115 command-injection http://www.kb.cert.org/vuls/id/555316 | | 5173 | postfix>=2.8.20100000<2.8.20110115 command-injection http://www.kb.cert.org/vuls/id/555316 |
5174 | TeXmacs-[0-9]* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394 | | 5174 | TeXmacs-[0-9]* privilege-escalation http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3394 |
5175 | hiawatha-[0-9]* multiple-vulnerabilities http://www.hiawatha-webserver.org/changelog | | | |
5176 | patch<2.7 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651 | | 5175 | patch<2.7 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651 |
5177 | tiff<3.9.4nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 | | 5176 | tiff<3.9.4nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 |
5178 | suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5022 | | 5177 | suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5022 |
5179 | suse{,32}_libtiff<11.3nb1 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087 | | 5178 | suse{,32}_libtiff<11.3nb1 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3087 |
5180 | suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 | | 5179 | suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0192 |
5181 | suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167 | | 5180 | suse{,32}_libtiff<11.3nb2 remote-system-access http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1167 |
5182 | xulrunner<1.9.2.15 multiple-vulnerabilities http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14 | | 5181 | xulrunner<1.9.2.15 multiple-vulnerabilities http://www.mozilla.org/security/known-vulnerabilities/firefox36.html#firefox3.6.14 |
5183 | apache-tomcat>=6<6.0.32 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534 | | 5182 | apache-tomcat>=6<6.0.32 denial-of-service http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0534 |
5184 | unixodbc<2.3.0nb1 remote-system-access http://secunia.com/advisories/43679/ | | 5183 | unixodbc<2.3.0nb1 remote-system-access http://secunia.com/advisories/43679/ |
5185 | webkit-gtk<1.2.7 multiple-vulnerabilities http://gitorious.org/webkitgtk/stable/blobs/master/WebKit/gtk/NEWS | | 5184 | webkit-gtk<1.2.7 multiple-vulnerabilities http://gitorious.org/webkitgtk/stable/blobs/master/WebKit/gtk/NEWS |
5186 | sun-{jre,jdk}6<6.0.24 multiple-vulnerabilities http://secunia.com/advisories/43262/ | | 5185 | sun-{jre,jdk}6<6.0.24 multiple-vulnerabilities http://secunia.com/advisories/43262/ |
5187 | nagios-base<3.3.1 cross-site-scripting http://secunia.com/advisories/43287/ | | 5186 | nagios-base<3.3.1 cross-site-scripting http://secunia.com/advisories/43287/ |
5188 | libpurple<2.7.11 denial-of-service http://secunia.com/advisories/43695/ | | 5187 | libpurple<2.7.11 denial-of-service http://secunia.com/advisories/43695/ |
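Review bot: Deleting the `hiawatha-[0-9]* multiple-vulnerabilities http://www.hiawatha-webserver.org/changelog` entry (old line 5175) conflicts with the file's own header, which says "NEVER remove entries from this file" and that entries are kept even for packages removed from pkgsrc. If the entry is wrong or too broad, consider keeping the line and narrowing the pattern with a version bound, as the neighbouring entries in this hunk do, instead of dropping it. Either way, the reason for the change belongs in the commit message.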
| @@ -25089,29 +25088,29 @@ xenkernel413-[0-9]* memory-leak https:// | | | @@ -25089,29 +25088,29 @@ xenkernel413-[0-9]* memory-leak https:// |
25089 | xenkernel413-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-33748 | | 25088 | xenkernel413-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-33748 |
25090 | xenkernel415-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-33748 | | 25089 | xenkernel415-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2022-33748 |
25091 | xenkernel413-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33747 | | 25090 | xenkernel413-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33747 |
25092 | xenkernel415-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33747 | | 25091 | xenkernel415-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33747 |
25093 | xenkernel413-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33746 | | 25092 | xenkernel413-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33746 |
25094 | xenkernel415-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33746 | | 25093 | xenkernel415-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2022-33746 |
25095 | epiphany-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-26081 | | 25094 | epiphany-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-26081 |
25096 | afl++-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26266 | | 25095 | afl++-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26266 |
25097 | glusterfs-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-26253 | | 25096 | glusterfs-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-26253 |
25098 | knot<5.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-26249 | | 25097 | knot<5.6 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-26249 |
25099 | jd-gui-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-26235 | | 25098 | jd-gui-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-26235 |
25100 | jd-gui-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2023-26234 | | 25099 | jd-gui-[0-9]* unspecified https://nvd.nist.gov/vuln/detail/CVE-2023-26234 |
25101 | glusterfs-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-48340 | | 25100 | glusterfs-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2022-48340 |
25102 | emacs-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48339 | | 25101 | emacs<29.1 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48339 |
25103 | emacs-[0-9]* arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48338 | | 25102 | emacs<29.1 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2022-48338 |
25104 | emacs-[0-9]* shell-command-injection https://nvd.nist.gov/vuln/detail/CVE-2022-48337 | | 25103 | emacs<29.1 shell-command-injection https://nvd.nist.gov/vuln/detail/CVE-2022-48337 |
25105 | zoneminder<1.36.33 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26039 | | 25104 | zoneminder<1.36.33 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2023-26039 |
25106 | zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26038 | | 25105 | zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26038 |
25107 | zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26037 | | 25106 | zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26037 |
25108 | zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26036 | | 25107 | zoneminder<1.36.33 local-file-inclusion https://nvd.nist.gov/vuln/detail/CVE-2023-26036 |
25109 | zoneminder<1.36.33 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-26035 | | 25108 | zoneminder<1.36.33 authentication-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-26035 |
25110 | zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26034 | | 25109 | zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26034 |
25111 | zoneminder<1.36.33 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-25825 | | 25110 | zoneminder<1.36.33 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2023-25825 |
25112 | zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26032 | | 25111 | zoneminder<1.36.33 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2023-26032 |
25113 | curl>=7.57<7.88 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-23915 | | 25112 | curl>=7.57<7.88 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-23915 |
25114 | curl>=7.57<7.88 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-23914 | | 25113 | curl>=7.57<7.88 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-23914 |
25115 | freeimage-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33367 | | 25114 | freeimage-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-33367 |
25116 | mantis<2.25.6 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-22476 | | 25115 | mantis<2.25.6 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-22476 |
25117 | libheif<1.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-0996 | | 25116 | libheif<1.15 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-0996 |
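Review bot: The three emacs entries (new lines 25101-25103) go from `emacs-[0-9]*` to `emacs<29.1`, but the reference URLs are unchanged and nothing in the hunk records where 29.1 as the fixed version comes from. Since one bound is applied to CVE-2022-48337, CVE-2022-48338 and CVE-2022-48339 together, please confirm each of the three is fixed in that release and cite the source (upstream release notes or fix commits) in the commit message. Once the bound is in place, installs at 29.1 or later stop being flagged for these CVEs, so a bound set too low would hide affected packages from audits.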