pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/doc
Module Name: pkgsrc
Committed By: he
Date: Tue Feb 13 13:59:36 UTC 2024
Modified Files:
pkgsrc/doc: pkg-vulnerabilities
Log Message:
Add the two new entries for unbound:
CVE-2023-50387, DNSSEC verification complexity can be exploited to
exhaust CPU resources and stall DNS resolvers.
and
CVE-2023-50868, NSEC3 closest encloser proof can exhaust CPU.
Nist doesn't have those yet, so use cve.mitre.org (even though
they are only "candidate CVEs" there at the time of this commit.
To generate a diff of this commit:
cvs rdiff -u -r1.124 -r1.125 pkgsrc/doc/pkg-vulnerabilities
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.124 pkgsrc/doc/pkg-vulnerabilities:1.125
--- pkgsrc/doc/pkg-vulnerabilities:1.124 Mon Feb 12 08:54:31 2024
+++ pkgsrc/doc/pkg-vulnerabilities Tue Feb 13 13:59:36 2024
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.124 2024/02/12 08:54:31 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.125 2024/02/13 13:59:36 he Exp $
#
#FORMAT 1.0.0
#
@@ -25880,3 +25880,5 @@ postgresql-server>=14<14.11 arbitrary-co
postgresql-server>=15<15.6 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985
postgresql-server>=16<16.2 arbitrary-command-execution https://nvd.nist.gov/vuln/detail/CVE-2024-0985
asterisk-13.* eol http://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
+unbound<1.19.1 denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50387
+unbound<1.19.1 denial-of-service https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-50868
Home |
Main Index |
Thread Index |
Old Index