CVS commit: pkgsrc/doc

["Leonardo Taccari" <leot%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   leot
Date:           Thu Aug 14 13:16:33 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: add (last part of) last days CVEs

+ jasper,
  libxml2 (not fixed / not easily reproducible, discussion in progress on
  upstream issue <https://gitlab.gnome.org/GNOME/libxml2/-/issues/958>),
  nasm (reported upstream, no responses at the moment),
  openjpeg (CVE-2025-54874 fixed upstream but no stable release with the fix at
  the moment),
  p5-Catalyst-Authentication-Credential-HTTP (fixed upstream, will be available
  in the next version not yet released),
  php-adodb, php-concrete-cms,
  poco (discussion in progress, possibly disputed, keep the wildcard for the
  moment),
  tiff (CVE-2025-8534 fixed upstream but no release with fix at the moment),
  u-boot (no information from upstream, unclear if reported),
  uv, vault


To generate a diff of this commit:
cvs rdiff -u -r1.498 -r1.499 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.498 pkgsrc/doc/pkg-vulnerabilities:1.499
--- pkgsrc/doc/pkg-vulnerabilities:1.498        Thu Aug 14 12:57:51 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Thu Aug 14 13:16:32 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.498 2025/08/14 12:57:51 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.499 2025/08/14 13:16:32 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -27320,3 +27320,24 @@ gst-plugins1-base<1.26.2       denial-of-servi
 h2o-[0-9]*                     denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-8671
 varnish<6.0.15                 denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-8671
 varnish>=7<7.7.2               denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-8671
+jasper<4.2.6   null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2025-8835
+jasper<4.2.7   denial-of-service               https://nvd.nist.gov/vuln/detail/CVE-2025-8836
+jasper<4.2.8   use-after-free                  https://nvd.nist.gov/vuln/detail/CVE-2025-8837
+libxml2-[0-9]* denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-8732
+nasm-[0-9]*    use-after-free          https://nvd.nist.gov/vuln/detail/CVE-2025-8842
+nasm-[0-9]*    heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2025-8843
+nasm-[0-9]*    null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2025-8844
+nasm-[0-9]*    stack-overflow          https://nvd.nist.gov/vuln/detail/CVE-2025-8845
+nasm-[0-9]*    stack-overflow          https://nvd.nist.gov/vuln/detail/CVE-2025-8846
+openjpeg<2.5.1 null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2025-50952
+openjpeg-[0-9]*        heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2025-54874
+p5-Catalyst-Authentication-Credential-HTTP<1.019       weak-cryptography       https://nvd.nist.gov/vuln/detail/CVE-2025-40920
+php{56,74,81,82,83,84}-adodb<5.22.10   sql-injection   https://nvd.nist.gov/vuln/detail/CVE-2025-54119
+php{56,74,81,82,83,84}-concrete-cms<9.4.3      cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2025-8571
+php{56,74,81,82,83,84}-concrete-cms<9.4.3      cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2025-8573
+poco-[0-9]*    weak-encryption https://nvd.nist.gov/vuln/detail/CVE-2025-45766
+tiff-[0-9]*    null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2025-8534
+tiff<4.7.0     stack-overflow                  https://nvd.nist.gov/vuln/detail/CVE-2025-8851
+u-boot-[0-9]*  arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2025-45512
+uv<0.8.6       input-validation                https://nvd.nist.gov/vuln/detail/CVE-2025-54368
+vault<1.20.2   authentication-bypass           https://nvd.nist.gov/vuln/detail/CVE-2025-6013