pkgsrc-Changes archive


CVS commit: pkgsrc/doc



Module Name:    pkgsrc
Committed By:   kikadf
Date:           Mon Sep  1 15:03:40 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
doc/pkg-vulnerabilities: restrict GraphicsMagick patterns

CVE-2017-15281: CVE in ImageMagick, no indication it affects GraphicsMagick
CVE-2017-16352: fixed in 1.3.27,
 https://sourceforge.net/p/graphicsmagick/code/ci/7292230dd185409cdabd0bd61f691403d94776fe/
CVE-2017-16353: fixed in 1.3.27,
 https://sourceforge.net/p/graphicsmagick/code/ci/e4e1c2a581d897b6f5d1fd8c1d30e96d57b69793/
CVE-2017-16545: fixed in 1.3.27, https://sourceforge.net/p/graphicsmagick/bugs/519/
CVE-2017-16547: fixed in 1.3.27, https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16669: fixed in 1.3.27, https://sourceforge.net/p/graphicsmagick/bugs/450/
CVE-2017-17782: fixed in 1.3.28, https://sourceforge.net/p/graphicsmagick/bugs/530/
CVE-2017-17783: fixed in 1.3.28, https://sourceforge.net/p/graphicsmagick/bugs/529/
CVE-2025-32460: fixed in pkgsrc, 1.3.42nb14


To generate a diff of this commit:
cvs rdiff -u -r1.537 -r1.538 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.537 pkgsrc/doc/pkg-vulnerabilities:1.538
--- pkgsrc/doc/pkg-vulnerabilities:1.537        Mon Sep  1 12:10:30 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Mon Sep  1 15:03:39 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.537 2025/09/01 12:10:30 kikadf Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.538 2025/09/01 15:03:39 kikadf Exp $
 #
 #FORMAT 1.0.0
 #
@@ -13488,7 +13488,7 @@ qemu<2.11.1             denial-of-service       https://n
 ImageMagick6<6.9.9.3   information-leak        https://nvd.nist.gov/vuln/detail/CVE-2017-15277
 ImageMagick<7.0.6.3    information-leak        https://nvd.nist.gov/vuln/detail/CVE-2017-15277
 ImageMagick<7.0.7.8    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-15281
-graphicsmagick-[0-9]*  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-15281
+#graphicsmagick-[0-9]* denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-15281 # CVE in ImageMagick, no indication it affects GraphicsMagick
 sqlite3<3.21.0 null-dereference        https://nvd.nist.gov/vuln/detail/CVE-2017-15286
 dnsmasq<2.78   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-13704
 dnsmasq<2.78   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-14491
@@ -13544,11 +13544,11 @@ ruby{22,23,24}-redmine>=3.3.0<3.3.3   sens
 ruby{22,23,24}-redmine<3.2.6   sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2017-15575
 ruby{22,23,24}-redmine>=3.3.0<3.3.3    sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2017-15575
 rsync<3.1.2nb1         heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2017-16548
-graphicsmagick-[0-9]*  heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2017-16352
-graphicsmagick-[0-9]*  information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2017-16353
-graphicsmagick-[0-9]*  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16545
-graphicsmagick-[0-9]*  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16547
-graphicsmagick-[0-9]*  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-15930
+graphicsmagick<1.3.27  heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2017-16352
+graphicsmagick<1.3.27  information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2017-16353
+graphicsmagick<1.3.27  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16545
+graphicsmagick<1.3.27  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16547
+graphicsmagick<1.3.27  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-15930
 ImageMagick<7.0.7.10   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16546
 ImageMagick6<6.9.9.23  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16546
 modular-xorg-server<1.19.4     buffer-overflow https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13721
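Review bot: The CVE-2017-15930 entry in this hunk is tightened to `graphicsmagick<1.3.27` together with its four neighbours, but the log message gives a fix reference only for CVE-2017-16352, CVE-2017-16353, CVE-2017-16545 and CVE-2017-16547 and never mentions CVE-2017-15930. Add the upstream commit or bug link that places this fix in 1.3.27 to the log, or leave that one line at `graphicsmagick-[0-9]*` until a fixed version is confirmed.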
@@ -13832,7 +13832,7 @@ xenkernel45-[0-9]*      denial-of-service       htt
 xenkernel46<4.6.6nb2   denial-of-service       https://xenbits.xen.org/xsa/advisory-247.html
 xenkernel48<4.8.3      denial-of-service       https://xenbits.xen.org/xsa/advisory-247.html
 ruby{22,23,24,25,26}-yard<0.9.11       directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2017-17042
-graphicsmagick-[0-9]*  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16669
+graphicsmagick<1.3.27  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16669
 kmplayer-[0-9]*                denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-16952
 cacti<1.1.28           cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2017-16785
 samba<4.6.11           information-leak        https://www.samba.org/samba/security/CVE-2017-15275.html
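Review bot: The replacement line keeps the lowercase name `graphicsmagick<1.3.27`, as do the other 2017 entries in this commit, while the last hunk writes `GraphicsMagick<1.3.34`. If package-name matching is case-sensitive, one of the two spellings never matches an installed package and its entries are silently skipped. Confirm which spelling matches the PKGNAME and normalise the other while these lines are being edited anyway.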
@@ -14025,8 +14025,8 @@ php{56,70,71,72}-contao44<4.4.8         sql-inj
 wireshark<2.2.11       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2017-17997
 webmin<1.870           cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2017-17089
 tiff<4.0.10            use-after-free          https://nvd.nist.gov/vuln/detail/CVE-2017-17973
-graphicsmagick-[0-9]*  buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2017-17782
-graphicsmagick-[0-9]*  buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2017-17783
+graphicsmagick<1.3.28  buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2017-17782
+graphicsmagick<1.3.28  buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2017-17783
 apache-2.2.[0-9]*      eol                     https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
 exiv2<0.27             null-dereference        https://nvd.nist.gov/vuln/detail/CVE-2017-18005
 magento<2.1.2          multiple-vulnerabilities        https://nvd.nist.gov/vuln/detail/CVE-2016-10704
@@ -27398,8 +27398,8 @@ ufoai<2.3.1     buffer-overflow         https://nvd
 7-zip<24.07    integer-underflow       https://nvd.nist.gov/vuln/detail/CVE-2024-11477
 7-zip<24.08    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-11612
 7-zip<24.09    security-bypass         https://nvd.nist.gov/vuln/detail/CVE-2025-0411
-GraphicsMagick<1.34    buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2020-21679
-GraphicsMagick-[0-9]*  out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-32460
+GraphicsMagick<1.3.34  buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2020-21679
+GraphicsMagick<1.3.42nb14      out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-32460
 ImageMagick6<6.9.12.43 division-by-zero        https://nvd.nist.gov/vuln/detail/CVE-2021-40211
 ImageMagick<7.1.0.5    division-by-zero        https://nvd.nist.gov/vuln/detail/CVE-2021-40211
 ImageMagick6<6.9.11.46 memory-leak             https://nvd.nist.gov/vuln/detail/CVE-2022-48541
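Review bot: The change from `GraphicsMagick<1.34` to `GraphicsMagick<1.3.34` for CVE-2020-21679 is not covered by the log message, which lists only the 2017 CVEs and CVE-2025-32460. It is more than cosmetic: every 1.3.x release sorts below 1.34, so the old bound flagged all of them, and the new bound stops reporting 1.3.34 and later. A line in the log with the reference for the 1.3.34 fix would make that narrowing auditable.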


