pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/doc
Module Name: pkgsrc
Committed By: wiz
Date: Sun Mar 3 12:55:49 UTC 2024
Modified Files:
pkgsrc/doc: pkg-vulnerabilities
Log Message:
pkg-vulnerabilities: add upper bound for prometheus
The current prometheus is not using the vulnerable library any longer,
but I can't easily find out when that happened, so mark today's version
as fixed.
To generate a diff of this commit:
cvs rdiff -u -r1.143 -r1.144 pkgsrc/doc/pkg-vulnerabilities
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.143 pkgsrc/doc/pkg-vulnerabilities:1.144
--- pkgsrc/doc/pkg-vulnerabilities:1.143 Tue Feb 27 13:37:50 2024
+++ pkgsrc/doc/pkg-vulnerabilities Sun Mar 3 12:55:49 2024
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.143 2024/02/27 13:37:50 tm Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.144 2024/03/03 12:55:49 wiz Exp $
#
#FORMAT 1.0.0
#
@@ -21538,7 +21538,7 @@ php{56,72,73,74,80}-nextcloud<21.0.3 inf
php{56,72,73,74,80}-nextcloud<21.0.3 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-32680
php{56,72,73,74,80}-nextcloud<21.0.3 remote-security-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-32678
php{56,72,73,74,80}-nextcloud<21.0.3 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-32679
-prometheus-[0-9]* insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538
+prometheus<2.50.1 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538
grafana-[0-9]* insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538
apache-ant<1.9.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-36373
apache-ant>=1.10<1.10.11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-36373
Home |
Main Index |
Thread Index |
Old Index