gnurl: Add file on CVEs.

To: pkgsrc-wip-changes%NetBSD.org@localhost
Subject: gnurl: Add file on CVEs.
From: nikita <nikita%NetBSD.org@localhost>
Date: Fri, 01 Apr 2022 09:40:36 +0000

Module Name:	pkgsrc-wip
Committed By:	nikita <nikita%NetBSD.org@localhost>
Pushed By:	nikita
Date:		Fri Apr 1 11:40:36 2022 +0200
Changeset:	b4053d45610956b0b04e1bac3aea487e9b4a0a85

Added Files:
	gnurl/gnurl-CVEs

Log Message:
gnurl: Add file on CVEs.

To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=b4053d45610956b0b04e1bac3aea487e9b4a0a85

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

diffstat:
 gnurl/gnurl-CVEs | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diffs:
diff --git a/gnurl/gnurl-CVEs b/gnurl/gnurl-CVEs
new file mode 100644
index 0000000000..ace2edbd4e
--- /dev/null
+++ b/gnurl/gnurl-CVEs
@@ -0,0 +1,22 @@
+This is an outdated, currently unmaintained software.
+The following is a list of CVEs checked against since its
+last release (7.72.0) against an upstream CVE list up until
+7.82.0 with no warranty of completion or correctness.
+
+CVE-2020-8286 (fixed in cURL 7.74.0) does not apply (only applies if the designated TLS Backend is OpenSSL).
+CVE-2020-8284 (fixed in cURL 7.74.0) does not apply, as gnurl is built without FTP support.
+CVE-2020-8285 (fixed in cURL 7.74.0) most likely does not apply for the same reason.
+CVE-2021-22876 (fixed in cURL 7.76.0) does not apply in the upstream user wip/gnunet, as it makes no use of CURLOPT_AUTOREFERER.
+CVE-2021-22890: ?
+CVE-2021-22897 (fixed in cURL 7.61.0) does not apply in the upstream user wip/gnunet, as it makes no use of CURLOPT_SSL_CIPHER_LIST.
+CVE-2021-22898 (fixed in cURL 7.61.0) does not apply, as gnurl is built without Telnet support.
+CVE-2021-22901 (fixed in cURL 7.77.0) does not apply, as gnurl is built without OpenSSL.
+CVE-2021-22924: ?
+CVE-2021-22926 (fixed in cURL 7.78.0) most likely does not apply, as gnurl does not support being built on macOS built to use Secure Transport.
+CVE-2021-22922 (fixed in cURL 7.78.0) does not apply, as gnurl is built without libmetalink.
+CVE-2021-22923 (fixed in cURL 7.78.0) does not apply, as gnurl is built without libmetalink.
+CVE-2021-22924 (fixed in cURL 7.78.0): ?
+CVE-2021-22925 (fixed in cURL 7.78.0) does not apply, as gnurl is built without Telnet support.
+CVE-2021-22945 (fixed in cURL 7.79.0) does not apply, as the current gnurl release is based on curl 7.72.0 and did not enable experimental features.
+CVE-2021-22946 (fixed in cURL 7.79.0): ?
+CVE-2021-22947 (fixed in cURL 7.79.0) does not apply, as gnurl is built without IMAP, POP3, SMTP and FTP support.
\ No newline at end of file

Prev by Date: helix: version distfiles
Next by Date: helix: how to mv sources
Previous by Thread: helix: version distfiles
Next by Thread: helix: how to mv sources
Indexes:

Home | Main Index | Thread Index | Old Index