pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/doc
Module Name: pkgsrc
Committed By: leot
Date: Thu Oct 9 13:05:41 UTC 2025
Modified Files:
pkgsrc/doc: pkg-vulnerabilities
Log Message:
pkg-vulnerabilities: add old CVE entries for PKGNAME starting with a
+ apache-cassandra, apache-roller, apache-tomcat, apache24, ark, arti, asio,
assimp (CVE-2024-46632, CVE-2024-48426, CVE-2025-2752, CVE-2025-2753,
CVE-2025-2754, CVE-2025-2755, CVE-2025-2756, CVE-2025-3549 not fixed),
asterisk, atril,
augeas (fixed upstream, latest release 1.14.1 affected),
authelia, avahi
To generate a diff of this commit:
cvs rdiff -u -r1.592 -r1.593 pkgsrc/doc/pkg-vulnerabilities
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.592 pkgsrc/doc/pkg-vulnerabilities:1.593
--- pkgsrc/doc/pkg-vulnerabilities:1.592 Thu Oct 9 08:31:35 2025
+++ pkgsrc/doc/pkg-vulnerabilities Thu Oct 9 13:05:41 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.592 2025/10/09 08:31:35 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.593 2025/10/09 13:05:41 leot Exp $
#
#FORMAT 1.0.0
#
@@ -27788,3 +27788,103 @@ matrix-synapse<1.139.2 input-validation
binutils<2.46 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-11494
binutils<2.46 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-11495
python39-[0-9]* eol https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
+apache-cassandra>=4<4.0.15 man-in-the-middle https://nvd.nist.gov/vuln/detail/CVE-2024-27137
+apache-cassandra<3.11.18 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2025-23015
+apache-cassandra>=4<4.0. improper-authorization https://nvd.nist.gov/vuln/detail/CVE-2025-24860
+apache-roller<6.1.3 input-validation https://nvd.nist.gov/vuln/detail/CVE-2024-25090
+apache-roller<6.1.4 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2024-46911
+apache-roller<6.1.5 improper-session-handling https://nvd.nist.gov/vuln/detail/CVE-2025-24859
+apache-tomcat<8.5.88 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-28709
+apache-tomcat>=9<9.0.74 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-28709
+apache-tomcat>=10<10.1.8 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-28709
+apache-tomcat<8.5.86 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-34981
+apache-tomcat>=9<9.0.75 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-34981
+apache-tomcat>=10<10.1.9 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-34981
+apache-tomcat<8.5.94 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-42795
+apache-tomcat>=9<9.0.81 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-42795
+apache-tomcat>=10<10.1.14 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2023-42795
+apache-tomcat<8.5.94 http-request-smuggling https://nvd.nist.gov/vuln/detail/CVE-2023-45648
+apache-tomcat>=9<9.0.81 http-request-smuggling https://nvd.nist.gov/vuln/detail/CVE-2023-45648
+apache-tomcat>=10<10.1.14 http-request-smuggling https://nvd.nist.gov/vuln/detail/CVE-2023-45648
+apache-tomcat<8.5.96 http-request-smuggling https://nvd.nist.gov/vuln/detail/CVE-2023-46589
+apache-tomcat>=9<9.0.83 http-request-smuggling https://nvd.nist.gov/vuln/detail/CVE-2023-46589
+apache-tomcat>=10<10.1.16 http-request-smuggling https://nvd.nist.gov/vuln/detail/CVE-2023-46589
+apache-tomcat<8.5.99 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23672
+apache-tomcat>=9<9.0.86 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23672
+apache-tomcat>=10<10.1.19 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-23672
+apache-tomcat<8.5.99 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24549
+apache-tomcat>=9<9.0.86 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24549
+apache-tomcat>=10<10.1.19 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-24549
+apache-tomcat<9.0.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-34750
+apache-tomcat>=10<10.1.25 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-34750
+apache-tomcat<9.0.90 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-38286
+apache-tomcat>=10<10.1.25 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-38286
+apache-tomcat<9.0.98 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-50379
+apache-tomcat>=10<10.1.34 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2024-50379
+apache-tomcat<9.0.96 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-52317
+apache-tomcat>=10<10.1.31 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2024-52317
+apache-tomcat<9.0.97 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-52318
+apache-tomcat>=10<10.1.32 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2024-52318
+apache-tomcat<9.0.98 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-54677
+apache-tomcat>=10<10.1.34 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-54677
+apache-tomcat<9.0.99 race-condition https://nvd.nist.gov/vuln/detail/CVE-2024-56337
+apache-tomcat>=10<10.1.35 race-condition https://nvd.nist.gov/vuln/detail/CVE-2024-56337
+apache-tomcat<9.0.99 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2025-24813
+apache-tomcat>=10<10.1.35 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2025-24813
+apache-tomcat<9.0.104 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-31650
+apache-tomcat>=10<10.1.40 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-31650
+apache<2.4.59 http-response-splitting https://nvd.nist.gov/vuln/detail/CVE-2023-38709
+apache<2.4.59 http-response-splitting https://nvd.nist.gov/vuln/detail/CVE-2024-24795
+apache<2.4.59 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-27316
+ark<24.12.0 arbitrary-file-write https://nvd.nist.gov/vuln/detail/CVE-2024-57966
+arti<1.2.3 input-validation https://nvd.nist.gov/vuln/detail/CVE-2024-35312
+arti<1.2.3 input-validation https://nvd.nist.gov/vuln/detail/CVE-2024-35313
+asio<1.13.0 unspecified https://nvd.nist.gov/vuln/detail/CVE-2019-25219
+assimp<5.4.2 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-40724
+assimp<5.4.3 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-45679
+assimp-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-46632
+assimp<6.0.0 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2024-48423
+assimp<6.0.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-48424
+assimp<6.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-48425
+assimp-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-48426
+assimp<6.0.0 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-2151
+assimp<6.0.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-2152
+assimp<6.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-2591
+assimp<6.0.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-2592
+assimp-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-2752
+assimp-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-2753
+assimp-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-2754
+assimp-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-2755
+assimp-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-2756
+assimp<6.0.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-3015
+assimp<6.0.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-3016
+assimp<6.0.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-3159
+assimp<6.0.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-3160
+assimp<6.0.0 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-3196
+assimp-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-3549
+asterisk<18.20.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-37457
+asterisk>=20<20.5.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-37457
+asterisk>=21<21.0.1 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-37457
+asterisk<18.20.1 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2023-49294
+asterisk>=20<20.5.1 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2023-49294
+asterisk>=21<21.0.1 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2023-49294
+asterisk<18.23.1 improper-authentication https://nvd.nist.gov/vuln/detail/CVE-2024-35190
+asterisk>=20<20.8.1 improper-authentication https://nvd.nist.gov/vuln/detail/CVE-2024-35190
+asterisk>=21<21.3.1 improper-authentication https://nvd.nist.gov/vuln/detail/CVE-2024-35190
+asterisk<18.24.2 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2024-42365
+asterisk>=20<20.9.2 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2024-42365
+asterisk>=21<21.4.2 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2024-42365
+asterisk<18.24.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-42491
+asterisk>=20<20.9.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-42491
+asterisk>=21<21.4.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-42491
+asterisk<18.26.1 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2024-53566
+asterisk>=20<20.11.1 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2024-53566
+asterisk>=21<21.6.1 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2024-53566
+asterisk>=22<22.1.1 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2024-53566
+atril<1.27.1 command-injection https://nvd.nist.gov/vuln/detail/CVE-2023-51698
+atril<1.26.2 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2023-52076
+augeas-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-2588
+authelia<4.38.19 brute-force-attack https://nvd.nist.gov/vuln/detail/CVE-2025-24806
+avahi<0.9 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2023-1981
+avahi<0.9 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2024-52615
+avahi<0.9 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2024-52616
Home |
Main Index |
Thread Index |
Old Index