CVS commit: pkgsrc/doc

["Leonardo Taccari" <leot%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   leot
Date:           Sat May 31 16:50:14 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: + hdf5, jhead, liboqs, perl

hdf5 vulnerabilities probably not fixed and unclear if they were reported
upstream or not.
jhead not fixed.
perl vulnerability will be fixed in the next version.


To generate a diff of this commit:
cvs rdiff -u -r1.389 -r1.390 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.389 pkgsrc/doc/pkg-vulnerabilities:1.390
--- pkgsrc/doc/pkg-vulnerabilities:1.389        Thu May 29 21:08:48 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Sat May 31 16:50:14 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.389 2025/05/29 21:08:48 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.390 2025/05/31 16:50:14 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -26256,3 +26256,8 @@ tcpreplay<4.5.0 infinite-loop   https://nv
 apache-tomcat>=9<9.0.15                security-bypass https://nvd.nist.gov/vuln/detail/CVE-2025-46701
 apache-tomcat>=10<10.1.41      security-bypass https://nvd.nist.gov/vuln/detail/CVE-2025-46701
 apache-tomcat>=11<11.0.7       security-bypass https://nvd.nist.gov/vuln/detail/CVE-2025-46701
+hdf5-[0-9]*    heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-44904
+hdf5-[0-9]*    heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-44905
+jhead-[0-9]*   use-after-free  https://nvd.nist.gov/vuln/detail/CVE-2025-44906
+liboqs<0.13.0  weak-cryptography       https://nvd.nist.gov/vuln/detail/CVE-2025-48946
+perl>=5.13.6   race-condition  https://nvd.nist.gov/vuln/detail/CVE-2025-40909