CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Mon, 23 Jun 2025 21:18:56 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Mon Jun 23 21:18:56 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: Add recent CVEs

+ ruby-nokogiri (not fixed, ACKed by upstream),
  tidy (not fixed and no feedbacks in upstream issues),
  sslh,
  hdf5 (not fixed)


To generate a diff of this commit:
cvs rdiff -u -r1.445 -r1.446 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.445 pkgsrc/doc/pkg-vulnerabilities:1.446
--- pkgsrc/doc/pkg-vulnerabilities:1.445        Sun Jun 22 19:46:16 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Mon Jun 23 21:18:56 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.445 2025/06/22 19:46:16 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.446 2025/06/23 21:18:56 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -27019,3 +27019,10 @@ php{56,73,74,80,81,82,83,84}-nextcloud>=
 php{56,73,74,80,81,82,83,84}-nextcloud<29.0.10         server-side-request-forgery             https://nvd.nist.gov/vuln/detail/CVE-2025-47791
 php{56,73,74,80,81,82,83,84}-nextcloud>=30<30.0.3      server-side-request-forgery             https://nvd.nist.gov/vuln/detail/CVE-2025-47791
 nextcloud-client<3.14.2                improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2024-52510
+ruby{31,32,33,34}-nokogiri-[0-9]*      heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-6490
+ruby{31,32,33,34}-nokogiri-[0-9]*      heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-6494
+tidy-[0-9]*    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-6496
+tidy-[0-9]*    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-6497
+tidy-[0-9]*    memory-leak             https://nvd.nist.gov/vuln/detail/CVE-2025-6498
+sslh<2.2.3     symlink-attack          https://nvd.nist.gov/vuln/detail/CVE-2025-52936
+hdf5-[0-9]*    heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2025-6516

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index