pkgsrc-Changes archive
CVS commit: pkgsrc/doc
Module Name: pkgsrc
Committed By: leot
Date: Thu Feb 26 08:26:37 UTC 2026
Modified Files:
pkgsrc/doc: pkg-vulnerabilities
Log Message:
pkg-vulnerabilities: re-add last week CVEs
Redo commit 1.737 properly without deleting comments.
+ KeePass,
SOGo (no upstream and/or further details, assume not fixed),
admesh (not fixed),
apache-tomcat, caddy, calibre, chromium,
clamav (no upstream information, assume not fixed),
coturn, curl, dropbear, erlang, ffmpeg, gimp, grafana,
gsoap (no upstream information, assume not fixed),
hdf5, janet, jenkins,
libde265 (fixed upstream, latest stable release 1.0.16 affected),
libjxl,
libsixel (fixed upstream, latest stable release 1.8.7 affected),
libsoup,
libvips (fixed upstream, latest stable release 8.18.0 affected),
metabase,
minisat (not fixed),
moodle, nats-server,
openbabel (not fixed),
openexr, p5-Crypt-URandom, p5-Image-ExifTool,
php-owncloud (no upstream information, assume not fixed),
php-piwigo (CVE-2025-62512 not fixed),
postgresql-server,
py-Pillow, py-flask, py-nltk, py-pdf, py-werkzeug,
qemu (possible patches under discussion),
re2c (fixed upstream, latest stable release 4.4 affected),
ruby-rack, tiff, vaultwarden, vim, yt-dlp, zlib,
zoneminder (CVE-2025-65791 not fixed).
Thanks <wiz>!
To generate a diff of this commit:
cvs rdiff -u -r1.738 -r1.739 pkgsrc/doc/pkg-vulnerabilities
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.738 pkgsrc/doc/pkg-vulnerabilities:1.739
--- pkgsrc/doc/pkg-vulnerabilities:1.738 Thu Feb 26 08:24:44 2026
+++ pkgsrc/doc/pkg-vulnerabilities Thu Feb 26 08:26:37 2026
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.738 2026/02/26 08:24:44 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.739 2026/02/26 08:26:37 leot Exp $
#
#FORMAT 1.0.0
#
@@ -29825,3 +29825,137 @@ ImageMagick<7.1.2.15 heap-overflow http
ImageMagick6<6.9.13.40 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-26284
ImageMagick<7.1.2.15 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2026-26983
ImageMagick6<6.9.13.40 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2026-26983
+KeePass<2.44 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2020-37178
+SOGo-[0-9]* cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2026-3054
+admesh-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2653
+apache-tomcat<9.0.113 input-validation https://nvd.nist.gov/vuln/detail/CVE-2025-66614
+apache-tomcat>=10<10.1.50 input-validation https://nvd.nist.gov/vuln/detail/CVE-2025-66614
+apache-tomcat>=11<11.0.15 input-validation https://nvd.nist.gov/vuln/detail/CVE-2025-66614
+apache-tomcat<9.0.113 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-24733
+apache-tomcat>=10<10.1.50 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-24733
+apache-tomcat>=11<11.0.15 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-24733
+apache-tomcat<9.0.115 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-24734
+apache-tomcat>=10<10.1.52 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-24734
+apache-tomcat>=11<11.0.18 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-24734
+caddy<2.11.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-27585
+caddy<2.11.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-27586
+caddy<2.11.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-27587
+caddy<2.11.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-27588
+caddy<2.11.1 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2026-27589
+caddy<2.11.1 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-27590
+calibre<9.3.0 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-26064
+calibre<9.3.0 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-26065
+chromium<145.0.7632.45 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2026-2313
+chromium<145.0.7632.45 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2026-2314
+chromium<145.0.7632.45 out-of-bounds-access https://nvd.nist.gov/vuln/detail/CVE-2026-2315
+chromium<145.0.7632.45 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2026-2316
+chromium<145.0.7632.45 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-2317
+chromium<145.0.7632.45 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2026-2318
+chromium<145.0.7632.45 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2026-2319
+chromium<145.0.7632.45 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2026-2320
+chromium<145.0.7632.45 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2026-2321
+chromium<145.0.7632.45 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2026-2322
+chromium<145.0.7632.45 ui-spoofing https://nvd.nist.gov/vuln/detail/CVE-2026-2323
+chromium<145.0.7632.75 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2026-2441
+chromium<145.0.7632.109 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-2648
+chromium<145.0.7632.109 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2026-2649
+chromium<145.0.7632.109 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2650
+chromium<145.0.7632.116 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-3061
+chromium<145.0.7632.116 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-3062
+chromium<145.0.7632.116 code-injection https://nvd.nist.gov/vuln/detail/CVE-2026-3063
+clamav-[0-9]* code-injection https://nvd.nist.gov/vuln/detail/CVE-2020-37167
+coturn<4.9.0 improper-access-control https://nvd.nist.gov/vuln/detail/CVE-2026-27624
+curl<8.18.0 arbitrary-file-overwrite https://nvd.nist.gov/vuln/detail/CVE-2025-11563
+dropbear>=2024.84<2025.88 privilege-escalation https://nvd.nist.gov/vuln/detail/CVE-2025-14282
+erlang<27.3.4.8 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-21620
+ffmpeg7<7.1.2 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-10256
+ffmpeg8<8.0 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-10256
+ffmpeg7<7.1.2 double-free https://nvd.nist.gov/vuln/detail/CVE-2025-12343
+ffmpeg8<8.1 double-free https://nvd.nist.gov/vuln/detail/CVE-2025-12343
+gimp<3.0.8 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-0797
+gimp<3.0.8 remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2026-2044
+gimp<3.0.8 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-2045
+gimp<3.0.8 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2047
+gimp<3.0.8 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-2048
+grafana<12.2.0 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2025-41117
+grafana<12.2.0 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2026-21722
+gsoap-[0-9]* path-traversal https://nvd.nist.gov/vuln/detail/CVE-2019-25355
+hdf5<1.14.4.2 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-26200
+janet<1.41.0 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-2869
+jenkins<2.551 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2026-27099
+jenkins<2.551 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-27100
+libde265-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-61147
+libjxl<0.11.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-12474
+libjxl<0.11.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-1837
+libsixel<1.8.8 memory-leak https://nvd.nist.gov/vuln/detail/CVE-2025-61146
+libsoup<3.6.6 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-2443
+libvips-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2913
+libvips-[0-9]* memory-corruption https://nvd.nist.gov/vuln/detail/CVE-2026-3145
+libvips-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-3146
+libvips-[0-9]* heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-3147
+metabase<0.58.7 code-injection https://nvd.nist.gov/vuln/detail/CVE-2026-27464
+minisat-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-2644
+moodle<5.0.5 code-injection https://nvd.nist.gov/vuln/detail/CVE-2026-26045
+moodle<5.0.5 command-injection https://nvd.nist.gov/vuln/detail/CVE-2026-26046
+moodle<5.0.5 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-26047
+nats-server<2.12.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-27571
+openbabel-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-2704
+openbabel-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-2705
+openexr<3.4.5 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-26981
+p5-Crypt-URandom<0.55 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2474
+p5-Image-ExifTool<13.50 command-injection https://nvd.nist.gov/vuln/detail/CVE-2026-3102
+php{56,74,81,82,83,84}-owncloud-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2019-25337
+php{56,74,81,82,83,84}-piwigo<15.0.0 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2024-48928
+php{56,74,81,82,83,84}-piwigo-[0-9]* information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-62512
+postgresql-server<14.21 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2003
+postgresql-server>=15<15.16 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2003
+postgresql-server>=16<16.12 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2003
+postgresql-server>=17<17.8 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2003
+postgresql-server>=18<18.2 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2003
+postgresql-server<14.21 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server>=15<15.16 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server>=15<15.16 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server>=15<15.16 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server>=15<15.16 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server>=15<15.16 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server>=16<16.12 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server>=17<17.8 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server>=18<18.2 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004
+postgresql-server<14.21 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2005
+postgresql-server>=15<15.16 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2005
+postgresql-server>=16<16.12 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2005
+postgresql-server>=17<17.8 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2005
+postgresql-server>=17<17.8 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2005
+postgresql-server>=18<18.2 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2005
+postgresql-server<14.21 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2026-2006
+postgresql-server>=15<15.16 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2026-2006
+postgresql-server>=16<16.12 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2026-2006
+postgresql-server>=17<17.8 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2026-2006
+postgresql-server>=18<18.2 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2026-2006
+postgresql-server>=18<18.2 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2007
+py{27,310,311,312,313,314}-Pillow<12.1.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-25990
+py{27,310,311,312,313,314}-flask<3.1.3 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-27205
+py{27,310,311,312,313,314}-nltk<3.9.3 arbitrary-code-execution https://nvd.nist.gov/vuln/detail/CVE-2025-14009
+py{27,310,311,312,313,314}-pdf<6.7.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-27024
+py{27,310,311,312,313,314}-pdf<6.7.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-27025
+py{27,310,311,312,313,314}-pdf<6.7.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-27026
+py{27,310,311,312,313,314}-pdf<6.7.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-27628
+py{27,310,311,312,313,314}-werkzeug<3.1.6 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-27199
+qemu-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2025-14876
+qemu<10.1.0 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-8860
+qemu-[0-9]* out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-0665
+qemu-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-2243
+re2c-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-2903
+ruby{32,33,34,40}-rack2<2.2.22 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-22860
+ruby{32,33,34,40}-rack<3.2.5 path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-22860
+ruby{32,33,34,40}-rack2<2.2.22 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2026-25500
+ruby{32,33,34,40}-rack<3.2.5 cross-site-scripting https://nvd.nist.gov/vuln/detail/CVE-2026-25500
+tiff<4.7.1 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-61143
+tiff<4.7.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-61144
+tiff<4.7.1 double-free https://nvd.nist.gov/vuln/detail/CVE-2025-61145
+vaultwarden<1.35.3 improper-authorization https://nvd.nist.gov/vuln/detail/CVE-2026-26012
+vim<9.1.2148 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-26269
+yt-dlp<2026.02.21 command-injection https://nvd.nist.gov/vuln/detail/CVE-2026-26331
+zlib<1.3.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-27171
+zoneminder-[0-9]* command-injection https://nvd.nist.gov/vuln/detail/CVE-2025-65791
+zoneminder<1.38.1 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-27470
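Review bot: the postgresql-server entries in this hunk contain exact duplicates: `postgresql-server>=15<15.16 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-2004` is added five times in a row, and `postgresql-server>=17<17.8 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2005` is added twice. CVE-2026-2003 lists each branch (<14.21, >=15<15.16, >=16<16.12, >=17<17.8, >=18<18.2) exactly once, so the repeats look like a paste slip; suggest keeping one line per branch per CVE. Separately, `ffmpeg8<8.0` for CVE-2025-10256 sits directly above `ffmpeg8<8.1` for CVE-2025-12343, so it is worth confirming that the 8.0 upper bound is the intended one for the ffmpeg8 package.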