CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Thu, 9 Oct 2025 13:05:41 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Thu Oct  9 13:05:41 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: add old CVE entries for PKGNAME starting with a

+ apache-cassandra, apache-roller, apache-tomcat, apache24, ark, arti, asio,
  assimp (CVE-2024-46632, CVE-2024-48426, CVE-2025-2752, CVE-2025-2753,
  CVE-2025-2754, CVE-2025-2755, CVE-2025-2756, CVE-2025-3549 not fixed),
  asterisk, atril,
  augeas (fixed upstream, latest release 1.14.1 affected),
  authelia, avahi


To generate a diff of this commit:
cvs rdiff -u -r1.592 -r1.593 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.592 pkgsrc/doc/pkg-vulnerabilities:1.593
--- pkgsrc/doc/pkg-vulnerabilities:1.592        Thu Oct  9 08:31:35 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Thu Oct  9 13:05:41 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.592 2025/10/09 08:31:35 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.593 2025/10/09 13:05:41 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -27788,3 +27788,103 @@ matrix-synapse<1.139.2        input-validation        
 binutils<2.46  out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-11494
 binutils<2.46  heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2025-11495
 python39-[0-9]*        eol     https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
+apache-cassandra>=4<4.0.15     man-in-the-middle       https://nvd.nist.gov/vuln/detail/CVE-2024-27137
+apache-cassandra<3.11.18       privilege-escalation    https://nvd.nist.gov/vuln/detail/CVE-2025-23015
+apache-cassandra>=4<4.0.       improper-authorization  https://nvd.nist.gov/vuln/detail/CVE-2025-24860
+apache-roller<6.1.3    input-validation                https://nvd.nist.gov/vuln/detail/CVE-2024-25090
+apache-roller<6.1.4    cross-site-request-forgery      https://nvd.nist.gov/vuln/detail/CVE-2024-46911
+apache-roller<6.1.5    improper-session-handling       https://nvd.nist.gov/vuln/detail/CVE-2025-24859
+apache-tomcat<8.5.88           denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-28709
+apache-tomcat>=9<9.0.74                denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-28709
+apache-tomcat>=10<10.1.8       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-28709
+apache-tomcat<8.5.86           information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2023-34981
+apache-tomcat>=9<9.0.75                information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2023-34981
+apache-tomcat>=10<10.1.9       information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2023-34981
+apache-tomcat<8.5.94           sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2023-42795
+apache-tomcat>=9<9.0.81                sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2023-42795
+apache-tomcat>=10<10.1.14      sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2023-42795
+apache-tomcat<8.5.94           http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2023-45648
+apache-tomcat>=9<9.0.81                http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2023-45648
+apache-tomcat>=10<10.1.14      http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2023-45648
+apache-tomcat<8.5.96           http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2023-46589
+apache-tomcat>=9<9.0.83                http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2023-46589
+apache-tomcat>=10<10.1.16      http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2023-46589
+apache-tomcat<8.5.99           denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-23672
+apache-tomcat>=9<9.0.86                denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-23672
+apache-tomcat>=10<10.1.19      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-23672
+apache-tomcat<8.5.99           denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-24549
+apache-tomcat>=9<9.0.86                denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-24549
+apache-tomcat>=10<10.1.19      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-24549
+apache-tomcat<9.0.90           denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-34750
+apache-tomcat>=10<10.1.25      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-34750
+apache-tomcat<9.0.90           denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-38286
+apache-tomcat>=10<10.1.25      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-38286
+apache-tomcat<9.0.98           remote-code-execution   https://nvd.nist.gov/vuln/detail/CVE-2024-50379
+apache-tomcat>=10<10.1.34      remote-code-execution   https://nvd.nist.gov/vuln/detail/CVE-2024-50379
+apache-tomcat<9.0.96           sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-52317
+apache-tomcat>=10<10.1.31      sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-52317
+apache-tomcat<9.0.97           cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2024-52318
+apache-tomcat>=10<10.1.32      cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2024-52318
+apache-tomcat<9.0.98           denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-54677
+apache-tomcat>=10<10.1.34      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-54677
+apache-tomcat<9.0.99           race-condition  https://nvd.nist.gov/vuln/detail/CVE-2024-56337
+apache-tomcat>=10<10.1.35      race-condition  https://nvd.nist.gov/vuln/detail/CVE-2024-56337
+apache-tomcat<9.0.99           remote-code-execution   https://nvd.nist.gov/vuln/detail/CVE-2025-24813
+apache-tomcat>=10<10.1.35      remote-code-execution   https://nvd.nist.gov/vuln/detail/CVE-2025-24813
+apache-tomcat<9.0.104          denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-31650
+apache-tomcat>=10<10.1.40      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-31650
+apache<2.4.59  http-response-splitting https://nvd.nist.gov/vuln/detail/CVE-2023-38709
+apache<2.4.59  http-response-splitting https://nvd.nist.gov/vuln/detail/CVE-2024-24795
+apache<2.4.59  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-27316
+ark<24.12.0    arbitrary-file-write    https://nvd.nist.gov/vuln/detail/CVE-2024-57966
+arti<1.2.3     input-validation        https://nvd.nist.gov/vuln/detail/CVE-2024-35312
+arti<1.2.3     input-validation        https://nvd.nist.gov/vuln/detail/CVE-2024-35313
+asio<1.13.0    unspecified     https://nvd.nist.gov/vuln/detail/CVE-2019-25219
+assimp<5.4.2   heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2024-40724
+assimp<5.4.3   heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2024-45679
+assimp-[0-9]*  buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-46632
+assimp<6.0.0   use-after-free  https://nvd.nist.gov/vuln/detail/CVE-2024-48423
+assimp<6.0.0   heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2024-48424
+assimp<6.0.0   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-48425
+assimp-[0-9]*  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-48426
+assimp<6.0.0   stack-overflow  https://nvd.nist.gov/vuln/detail/CVE-2025-2151
+assimp<6.0.0   heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-2152
+assimp<6.0.0   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-2591
+assimp<6.0.0   heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-2592
+assimp-[0-9]*  out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-2752
+assimp-[0-9]*  out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-2753
+assimp-[0-9]*  heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-2754
+assimp-[0-9]*  out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-2755
+assimp-[0-9]*  heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-2756
+assimp<6.0.0   out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-3015
+assimp<6.0.0   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-3016
+assimp<6.0.0   heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-3159
+assimp<6.0.0   out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-3160
+assimp<6.0.0   stack-overflow  https://nvd.nist.gov/vuln/detail/CVE-2025-3196
+assimp-[0-9]*  heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-3549
+asterisk<18.20.1       buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-37457
+asterisk>=20<20.5.1    buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-37457
+asterisk>=21<21.0.1    buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-37457
+asterisk<18.20.1       path-traversal  https://nvd.nist.gov/vuln/detail/CVE-2023-49294
+asterisk>=20<20.5.1    path-traversal  https://nvd.nist.gov/vuln/detail/CVE-2023-49294
+asterisk>=21<21.0.1    path-traversal  https://nvd.nist.gov/vuln/detail/CVE-2023-49294
+asterisk<18.23.1       improper-authentication https://nvd.nist.gov/vuln/detail/CVE-2024-35190
+asterisk>=20<20.8.1    improper-authentication https://nvd.nist.gov/vuln/detail/CVE-2024-35190
+asterisk>=21<21.3.1    improper-authentication https://nvd.nist.gov/vuln/detail/CVE-2024-35190
+asterisk<18.24.2       privilege-escalation    https://nvd.nist.gov/vuln/detail/CVE-2024-42365
+asterisk>=20<20.9.2    privilege-escalation    https://nvd.nist.gov/vuln/detail/CVE-2024-42365
+asterisk>=21<21.4.2    privilege-escalation    https://nvd.nist.gov/vuln/detail/CVE-2024-42365
+asterisk<18.24.3       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-42491
+asterisk>=20<20.9.3    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-42491
+asterisk>=21<21.4.3    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-42491
+asterisk<18.26.1       directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-53566
+asterisk>=20<20.11.1   directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-53566
+asterisk>=21<21.6.1    directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-53566
+asterisk>=22<22.1.1    directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-53566
+atril<1.27.1   command-injection       https://nvd.nist.gov/vuln/detail/CVE-2023-51698
+atril<1.26.2   path-traversal  https://nvd.nist.gov/vuln/detail/CVE-2023-52076
+augeas-[0-9]*  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-2588
+authelia<4.38.19       brute-force-attack      https://nvd.nist.gov/vuln/detail/CVE-2025-24806
+avahi<0.9      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-1981
+avahi<0.9      insufficiently-random-numbers   https://nvd.nist.gov/vuln/detail/CVE-2024-52615
+avahi<0.9      insufficiently-random-numbers   https://nvd.nist.gov/vuln/detail/CVE-2024-52616

Prev by Date: CVS commit: pkgsrc/sysutils/u-boot-d1-nezha
Next by Date: CVS commit: pkgsrc/devel/py-e3-testsuite
Previous by Thread: CVS commit: pkgsrc/sysutils/u-boot-d1-nezha
Next by Thread: CVS commit: pkgsrc/devel/py-e3-testsuite
Indexes:

Home | Main Index | Thread Index | Old Index