CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Tue, 15 Jul 2025 09:44:20 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Tue Jul 15 09:44:19 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: Add recent CVEs

+ ImageMagick{6,}, php, php-pgsql, php-soap,
  polkit (fixed upstream, latest stable release 126 not fixed),
  py-aiohttp, roundup


To generate a diff of this commit:
cvs rdiff -u -r1.467 -r1.468 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.467 pkgsrc/doc/pkg-vulnerabilities:1.468
--- pkgsrc/doc/pkg-vulnerabilities:1.467        Mon Jul 14 13:06:47 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Tue Jul 15 09:44:19 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.467 2025/07/14 13:06:47 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.468 2025/07/15 09:44:19 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -27138,3 +27138,27 @@ ruby32-base<3.2.8nb1   denial-of-service       h
 ruby33<3.3.8nb1                denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-24294
 ruby34<3.3.4nb2                denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-24294
 libvpx<1.15.2          memory-corruption       https://nvd.nist.gov/vuln/detail/CVE-2025-5283
+ImageMagick6<6.9.13.26 heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-53014
+ImageMagick<7.1.2.0    heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-53014
+ImageMagick<7.1.2.0    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-53015
+ImageMagick6<6.9.13.26 memory-leak             https://nvd.nist.gov/vuln/detail/CVE-2025-53019
+ImageMagick<7.1.2.0    memory-leak             https://nvd.nist.gov/vuln/detail/CVE-2025-53019
+ImageMagick6<6.9.13.26 stack-overflow          https://nvd.nist.gov/vuln/detail/CVE-2025-53101
+sImageMagick<7.1.2.0   tack-overflow           https://nvd.nist.gov/vuln/detail/CVE-2025-53101
+binutils<2.45  heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2025-7545
+binutils<2.45  out-of-bounds-write     https://nvd.nist.gov/vuln/detail/CVE-2025-7546
+php81<8.1.33   input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-1220
+php82<8.2.29   input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-1220
+php83<8.3.23   input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-1220
+php84<8.4.10   input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-1220
+php81-pgsql<8.1.33     denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-1735
+php82-pgsql<8.2.29     denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-1735
+php83-pgsql<8.3.23     denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-1735
+php84-pgsql<8.4.10     denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-1735
+php81-soap<8.1.33      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-6491
+php82-soap<8.2.29      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-6491
+php83-soap<8.3.23      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-6491
+php84-soap<8.4.10      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-6491
+polkit-[0-9]*          out-of-bounds-write     https://nvd.nist.gov/vuln/detail/CVE-2025-7519
+py{27,39,310,311,312,313}-aiohttp<3.12.14      request-smuggling       https://nvd.nist.gov/vuln/detail/CVE-2025-53643
+roundup<2.5.0          cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2025-53865

Prev by Date: CVS commit: pkgsrc/audio/libilbc
Next by Date: CVS commit: pkgsrc/audio/py-music21
Previous by Thread: CVS commit: pkgsrc/audio/libilbc
Next by Thread: CVS commit: pkgsrc/audio/py-music21
Indexes:

Home | Main Index | Thread Index | Old Index