CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Thu, 24 Jul 2025 08:22:08 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Thu Jul 24 08:22:08 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: add Tuesday, Wednesday CVEs

+ libssh, viewvc, chromium,
  php-xdebug (maybe works as intended, i.e. exposing a
  debugger leads to being able to inject code/command and documentation seems to
  indicate that... unclear if reported upstream or authentication was added and
  enabled by default),
  apache, py-mezzanine,
  redis (unclear if fixed or not or if reported upstream, release changelog of
  last versions do not mention this CVE, assume not fixed)


To generate a diff of this commit:
cvs rdiff -u -r1.475 -r1.476 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.475 pkgsrc/doc/pkg-vulnerabilities:1.476
--- pkgsrc/doc/pkg-vulnerabilities:1.475        Tue Jul 22 09:47:18 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Thu Jul 24 08:22:08 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.475 2025/07/22 09:47:18 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.476 2025/07/24 08:22:08 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -27202,3 +27202,11 @@ mbedtls<3.6.4          null-pointer-dereference        
 mbedtls>=3.6.1<3.6.4   side-channel                    https://nvd.nist.gov/vuln/detail/CVE-2025-49087
 powerdns-recursor<5.0.12       cache-poisoning         https://nvd.nist.gov/vuln/detail/CVE-2025-30192
 py{27,39,310,311,312,313}-starlette<0.47.2     denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-54121
+libssh<0.11.2  heap-corruption         https://nvd.nist.gov/vuln/detail/CVE-2025-4878
+viewvc<1.2.4   directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2025-54141
+chromium<138.0.7204.168        heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-8010
+chromium<138.0.7204.168        heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-8011
+php{56,73,74,80,81,82,83,84}-xdebug-[0-9]*     command-injection       https://nvd.nist.gov/vuln/detail/CVE-2015-10141
+apache<2.4.65  invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2025-54090
+py{27,39,310,311,312,313}-mezzanine<6.1.1      cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2025-50481
+redis-[0-9]*   memory-corruption       https://nvd.nist.gov/vuln/detail/CVE-2025-46686

Prev by Date: CVS commit: pkgsrc/net/powerdns
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/net/powerdns
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index