CVS commit: pkgsrc/doc

["Nia Alarie" <nia%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   nia
Date:           Thu Oct  2 14:26:29 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
CVE-2025-54874 fixed in openjpeg-2.5.4

per https://github.com/uclouvain/openjpeg/commit/f809b80c67717c152a5ad30bf06774f00da4fd2d


To generate a diff of this commit:
cvs rdiff -u -r1.568 -r1.569 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.568 pkgsrc/doc/pkg-vulnerabilities:1.569
--- pkgsrc/doc/pkg-vulnerabilities:1.568        Wed Oct  1 21:04:57 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Thu Oct  2 14:26:29 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.568 2025/10/01 21:04:57 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.569 2025/10/02 14:26:29 nia Exp $
 #
 #FORMAT 1.0.0
 #
@@ -27352,7 +27352,7 @@ nasm-[0-9]*     null-pointer-dereference        htt
 nasm-[0-9]*    stack-overflow          https://nvd.nist.gov/vuln/detail/CVE-2025-8845
 nasm-[0-9]*    stack-overflow          https://nvd.nist.gov/vuln/detail/CVE-2025-8846
 openjpeg<2.5.1 null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2025-50952
-openjpeg-[0-9]*        heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2025-54874
+openjpeg>=2.5.1<2.5.4  heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2025-54874
 p5-Catalyst-Authentication-Credential-HTTP<1.019       weak-cryptography       https://nvd.nist.gov/vuln/detail/CVE-2025-40920
 php{56,74,81,82,83,84}-adodb<5.22.10   sql-injection   https://nvd.nist.gov/vuln/detail/CVE-2025-54119
 php{56,74,81,82,83,84}-concrete-cms<9.4.3      cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2025-8571