CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Robert Bagdan" <kikadf%netbsd.org@localhost>
Date: Mon, 1 Sep 2025 12:09:03 +0000

Module Name:    pkgsrc
Committed By:   kikadf
Date:           Mon Sep  1 12:09:03 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
doc/pkg-vulnerabilities: restrict LuaJIT2 patterns

CVE-2020-15890: fixed in https://github.com/LuaJIT/LuaJIT/issues/601
CVE-2020-24372: fixed in https://github.com/LuaJIT/LuaJIT/issues/603


To generate a diff of this commit:
cvs rdiff -u -r1.535 -r1.536 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.535 pkgsrc/doc/pkg-vulnerabilities:1.536
--- pkgsrc/doc/pkg-vulnerabilities:1.535        Sun Aug 31 09:48:07 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Mon Sep  1 12:09:03 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.535 2025/08/31 09:48:07 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.536 2025/09/01 12:09:03 kikadf Exp $
 #
 #FORMAT 1.0.0
 #
@@ -19692,7 +19692,7 @@ qemu<6.1.0      denial-of-service       https://nvd
 qemu<5.1.0     arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2020-15863
 lua54<5.4.1    heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2020-15888
 lua54<5.4.1    out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2020-15889
-LuaJIT2-[0-9]* out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2020-15890
+LuaJIT2<2.1.1713773202 out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2020-15890
 magento<1.9.4.6        multiple-vulnerabilities        https://helpx.adobe.com/security/products/magento/apsb20-41.html
 magento<2      eol     https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
 python27-[0-9]*        eol     https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
@@ -19804,7 +19804,7 @@ jenkins<2.243           sensitive-information-dis
 lua54<5.4.1    null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2020-24369
 lua54<5.4.1    denial-of-service               https://nvd.nist.gov/vuln/detail/CVE-2020-24370
 lua54<5.4.1    unspecified                     https://nvd.nist.gov/vuln/detail/CVE-2020-24371
-LuaJIT2-[0-9]* out-of-bounds-read              https://nvd.nist.gov/vuln/detail/CVE-2020-24372
+LuaJIT2<2.1.1713773202 out-of-bounds-read              https://nvd.nist.gov/vuln/detail/CVE-2020-24372
 elasticsearch<6.8.12           security-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-7019
 elasticsearch>=7.0.0<7.9.0     security-bypass https://nvd.nist.gov/vuln/detail/CVE-2020-7019
 curl>=7.29.0<7.72.0    expired-pointer-dereference     https://curl.haxx.se/docs/CVE-2020-8231.html

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index