CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Robert Bagdan" <kikadf%netbsd.org@localhost>
Date: Sat, 23 Aug 2025 13:15:38 +0000

Module Name:    pkgsrc
Committed By:   kikadf
Date:           Sat Aug 23 13:15:38 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
doc/pkg-vulnerabilities: djvulibre-lib alarm fine-tuning

CVE-2019-15142: fixed in 3.5.28, https://sourceforge.net/p/djvu/djvulibre-git/ci/970fb11a296b5bbdc5e8425851253d2c5913c45e/
CVE-2019-15143: fixed in 3.5.28, https://sourceforge.net/p/djvu/djvulibre-git/ci/b1f4e1b2187d9e5010cd01ceccf20b4a11ce723f/
CVE-2019-15144: fixed in 3.5.28, https://sourceforge.net/p/djvu/djvulibre-git/ci/e15d51510048927f172f1bf1f27ede65907d940d/
CVE-2019-15145: fixed in 3.5.28, https://sourceforge.net/p/djvu/djvulibre-git/ci/9658b01431cd7ff6344d7787f855179e73fe81a7/
CVE-2019-18804: fixed in 3.5.28, https://sourceforge.net/p/djvu/djvulibre-git/ci/c8bec6549c10ffaa2f2fbad8bbc629efdf0dd125/
CVE-2021-3500, CVE-2021-32490, CVE-2021-32491, CVE-2021-32492 and CVE-2021-32493: fixed in 3.5.29,
https://sourceforge.net/p/djvu/djvulibre-git/ci/cd8b5c97b27a5c1dc83046498b6ca49ad20aa9b6/


To generate a diff of this commit:
cvs rdiff -u -r1.517 -r1.518 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.517 pkgsrc/doc/pkg-vulnerabilities:1.518
--- pkgsrc/doc/pkg-vulnerabilities:1.517        Fri Aug 22 10:35:49 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Sat Aug 23 13:15:38 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.517 2025/08/22 10:35:49 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.518 2025/08/23 13:15:38 kikadf Exp $
 #
 #FORMAT 1.0.0
 #
@@ -17927,10 +17927,10 @@ ImageMagick<7.0.8.43  denial-of-service       h
 ImageMagick6<6.9.10.43 denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15140
 ImageMagick<7.0.8.43   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15141
 ImageMagick6<6.9.10.43 denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15141
-djvulibre-lib-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15142
-djvulibre-lib-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15143
-djvulibre-lib-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15144
-djvulibre-lib-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15145
+djvulibre-lib<3.5.28   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15142
+djvulibre-lib<3.5.28   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15143
+djvulibre-lib<3.5.28   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15144
+djvulibre-lib<3.5.28   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2019-15145
 adplug<2.3.3           double-free             https://nvd.nist.gov/vuln/detail/CVE-2019-15151
 ruby{22,23,24,25,26}-rest-client>=1.6.10<1.6.14  remote-code-execution https://nvd.nist.gov/vuln/detail/CVE-2019-15224
 webmin<1.930                           remote-code-execution   https://nvd.nist.gov/vuln/detail/CVE-2019-15231
@@ -18340,7 +18340,7 @@ xlockmore-[0-9]*                unauthorized-access     ht
 xlockmore<5.24                 unauthorized-access     https://nvd.nist.gov/vuln/detail/CVE-2006-0062
 openttd<1.1.5          denial-of-service               https://nvd.nist.gov/vuln/detail/CVE-2012-0049
 tahoe-lafs<1.9.1       unspecified                     https://nvd.nist.gov/vuln/detail/CVE-2012-0051
-djvulibre-lib-[0-9]*   null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2019-18804
+djvulibre-lib<3.5.28   null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2019-18804
 viewvc-[0-9]*  information-disclosure          https://nvd.nist.gov/vuln/detail/CVE-2007-5743
 clamav<0.91.2  floating-point-exception        https://nvd.nist.gov/vuln/detail/CVE-2007-6745
 gri<2.12.18    insecure-temporary-files        https://nvd.nist.gov/vuln/detail/CVE-2008-7291
@@ -21335,11 +21335,11 @@ thunderbird<78.11     multiple-vulnerabiliti
 # rejected
 #ImageMagick-[0-9]*    memory-leak                     https://nvd.nist.gov/vuln/detail/CVE-2021-34183
 ampache<4.4.3          code-injection                  https://nvd.nist.gov/vuln/detail/CVE-2021-32644
-djvulibre-lib-[0-9]*   out-of-bounds-write             https://nvd.nist.gov/vuln/detail/CVE-2021-32490
-djvulibre-lib-[0-9]*   integer-overflow                https://nvd.nist.gov/vuln/detail/CVE-2021-32491
-djvulibre-lib-[0-9]*   out-of-bounds-read              https://nvd.nist.gov/vuln/detail/CVE-2021-32492
-djvulibre-lib-[0-9]*   heap-overflow                   https://nvd.nist.gov/vuln/detail/CVE-2021-32493
-djvulibre-lib-[0-9]*   stack-overflow                  https://nvd.nist.gov/vuln/detail/CVE-2021-3500
+djvulibre-lib<3.5.29   out-of-bounds-write             https://nvd.nist.gov/vuln/detail/CVE-2021-32490
+djvulibre-lib<3.5.29   integer-overflow                https://nvd.nist.gov/vuln/detail/CVE-2021-32491
+djvulibre-lib<3.5.29   out-of-bounds-read              https://nvd.nist.gov/vuln/detail/CVE-2021-32492
+djvulibre-lib<3.5.29   heap-overflow                   https://nvd.nist.gov/vuln/detail/CVE-2021-32493
+djvulibre-lib<3.5.29   stack-overflow                  https://nvd.nist.gov/vuln/detail/CVE-2021-3500
 jetty<9.4.41           improper-session-handling       https://nvd.nist.gov/vuln/detail/CVE-2021-34428
 moodle-[0-9]*          arbitrary-command-execution     https://nvd.nist.gov/vuln/detail/CVE-2021-21809
 opengrok<1.6.9         unspecified                     https://nvd.nist.gov/vuln/detail/CVE-2021-2322

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/lang/ocaml
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/lang/ocaml
Indexes:

Home | Main Index | Thread Index | Old Index