CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Thu, 29 May 2025 08:09:27 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Thu May 29 08:09:27 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: Add recent vulnerabilities

Add openssl, asterisk, grafana and cJSON vulnerabilities.


To generate a diff of this commit:
cvs rdiff -u -r1.381 -r1.382 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.381 pkgsrc/doc/pkg-vulnerabilities:1.382
--- pkgsrc/doc/pkg-vulnerabilities:1.381        Thu May 29 07:59:15 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Thu May 29 08:09:27 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.381 2025/05/29 07:59:15 kim Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.382 2025/05/29 08:09:27 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -26202,3 +26202,14 @@ ghostscript-gpl-[0-9]*         passphrase-leaka
 ghostscript-agpl<10.05.1               passphrase-leakage              https://nvd.nist.gov/vuln/detail/CVE-2025-48708
 libxslt<1.1.43 use-after-free  https://nvd.nist.gov/vuln/detail/CVE-2025-24855
 coreutils<9.6nb1               heap-overflow   https://cgit.git.savannah.gnu.org/cgit/coreutils.git/commit/?id=8c9602e3a145e9596dc1a63c6ed67865814b6633
+openssl>=3.5<3.5.1     improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2025-4575
+asterisk<18.26.2       email-spoofing  https://nvd.nist.gov/vuln/detail/CVE-2025-47779
+asterisk>=20<20.14.1   email-spoofing  https://nvd.nist.gov/vuln/detail/CVE-2025-47779
+asterisk>=21<21.9.1    email-spoofing  https://nvd.nist.gov/vuln/detail/CVE-2025-47779
+asterisk>=22<22.4.1    email-spoofing  https://nvd.nist.gov/vuln/detail/CVE-2025-47779
+asterisk<18.26.2       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-47780
+asterisk>=20<20.14.1   command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-47780
+asterisk>=21<21.9.1    command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-47780
+asterisk>=22<22.4.1    command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-47780
+grafana<11.2.10                improper-access-control https://nvd.nist.gov/vuln/detail/CVE-2025-3580
+cJSON<1.7.18           heap-buffer-overflow    https://nvd.nist.gov/vuln/detail/CVE-2023-53154

Prev by Date: CVS commit: pkgsrc/mk
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/mk
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index