CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Sat, 11 Oct 2025 18:13:16 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Sat Oct 11 18:13:16 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: add (part of) old CVEs for PKGBASEs starting with g

+ gdk-pixbuf2
  geeklog (probably not fixed, unclear if reported upstream or not),
  gerbv, gh, ghostscript-agpl, ghostscript-gpl,
  giflib (CVE-2023-39742, CVE-2023-48161, CVE-2025-31344, CVE-2024-45993 seems not fixed),
  gifsicle, gimp


To generate a diff of this commit:
cvs rdiff -u -r1.611 -r1.612 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.611 pkgsrc/doc/pkg-vulnerabilities:1.612
--- pkgsrc/doc/pkg-vulnerabilities:1.611        Sat Oct 11 12:50:39 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Sat Oct 11 18:13:16 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.611 2025/10/11 12:50:39 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.612 2025/10/11 18:13:16 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -28405,3 +28405,84 @@ ganglia-webfrontend-[0-9]*     cross-site-sc
 gdb<14.1       stack-overflow  https://nvd.nist.gov/vuln/detail/CVE-2023-39128
 gdb<14.0       use-after-free  https://nvd.nist.gov/vuln/detail/CVE-2023-39129
 gdb<14.0       heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2023-39130
+gdk-pixbuf2<2.42.12    memory-corruption       https://nvd.nist.gov/vuln/detail/CVE-2022-48622
+geeklog-[0-9]* cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2023-46058
+geeklog-[0-9]* cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2023-46059
+gerbv<2.10.0   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-4508
+gh<2.61.0      command-injection       https://nvd.nist.gov/vuln/detail/CVE-2024-52308
+gh<2.63.0      sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-53858
+gh<2.11.1      sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-53859
+gh<2.63.1      path-traversal  https://nvd.nist.gov/vuln/detail/CVE-2024-54132
+gh<2.67.0      invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2025-25204
+ghostscript-agpl<9.51  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2020-21710
+ghostscript-gpl-[0-9]* denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2020-21710
+ghostscript-agpl<9.51  buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2020-21890
+ghostscript-gpl-[0-9]* buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2020-21890
+ghostscript-agpl<9.53.0        out-of-bounds-write     https://nvd.nist.gov/vuln/detail/CVE-2020-36773
+ghostscript-gpl-[0-9]* out-of-bounds-write     https://nvd.nist.gov/vuln/detail/CVE-2020-36773
+ghostscript-agpl<10.01.2       invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-36664
+ghostscript-gpl-[0-9]*         invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-36664
+ghostscript-agpl<10.02.0       out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2023-38559
+ghostscript-gpl-[0-9]*         out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2023-38559
+ghostscript-agpl<10.02.0       integer-overflow        https://nvd.nist.gov/vuln/detail/CVE-2023-38560
+ghostscript-gpl-[0-9]*         integer-overflow        https://nvd.nist.gov/vuln/detail/CVE-2023-38560
+ghostscript-agpl<10.02.0       remote-code-execution   https://nvd.nist.gov/vuln/detail/CVE-2023-43115
+ghostscript-gpl-[0-9]*         remote-code-execution   https://nvd.nist.gov/vuln/detail/CVE-2023-43115
+ghostscript-agpl<10.02.1       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-46751
+ghostscript-gpl-[0-9]*         denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-46751
+ghostscript-agpl<10.03.0       stack-overflow  https://nvd.nist.gov/vuln/detail/CVE-2024-29506
+ghostscript-gpl-[0-9]*         stack-overflow  https://nvd.nist.gov/vuln/detail/CVE-2024-29506
+ghostscript-agpl<10.03.0       stack-overflow  https://nvd.nist.gov/vuln/detail/CVE-2024-29507
+ghostscript-gpl-[0-9]*         stack-overflow  https://nvd.nist.gov/vuln/detail/CVE-2024-29507
+ghostscript-agpl<10.03.0       information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2024-29508
+ghostscript-gpl-[0-9]*         information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2024-29508
+ghostscript-agpl<10.03.0       heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2024-29509
+ghostscript-gpl-[0-9]*         heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2024-29509
+ghostscript-agpl<10.03.1       sandbox-escape  https://nvd.nist.gov/vuln/detail/CVE-2024-29510
+ghostscript-gpl-[0-9]*         sandbox-escape  https://nvd.nist.gov/vuln/detail/CVE-2024-29510
+ghostscript-agpl<10.03.1       directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-29511
+ghostscript-gpl-[0-9]*         directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-29511
+ghostscript-agpl<10.03.1       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2024-33869
+ghostscript-gpl-[0-9]*         command-injection       https://nvd.nist.gov/vuln/detail/CVE-2024-33869
+ghostscript-agpl<10.03.1       directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-33870
+ghostscript-gpl-[0-9]*         directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-33870
+ghostscript-agpl<10.03.1       arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2024-33871
+ghostscript-gpl-[0-9]*         arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2024-33871
+ghostscript-agpl<10.04.0       arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2024-46951
+ghostscript-gpl-[0-9]*         arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2024-46951
+ghostscript-agpl<10.04.0       buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2024-46952
+ghostscript-gpl-[0-9]*         buffer-overflow         https://nvd.nist.gov/vuln/detail/CVE-2024-46952
+ghostscript-agpl<10.04.0       integer-overflow        https://nvd.nist.gov/vuln/detail/CVE-2024-46953
+ghostscript-gpl-[0-9]*         integer-overflow        https://nvd.nist.gov/vuln/detail/CVE-2024-46953
+ghostscript-agpl<10.04.0       directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-46954
+ghostscript-gpl-[0-9]*         directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2024-46954
+ghostscript-agpl<10.04.0       out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2024-46955
+ghostscript-gpl-[0-9]*         out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2024-46955
+ghostscript-agpl<10.04.0       out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2024-46956
+ghostscript-gpl-[0-9]*         out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2024-46956
+ghostscript-agpl<10.05.0       buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27830
+ghostscript-gpl-[0-9]*         buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27830
+ghostscript-agpl<10.05.0       buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27831
+ghostscript-gpl-[0-9]*         buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27831
+ghostscript-agpl<10.05.0       buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27832
+ghostscript-gpl-[0-9]*         buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27832
+ghostscript-agpl<10.05.0       buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27833
+ghostscript-gpl-[0-9]*         buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27833
+ghostscript-agpl<10.05.0       buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27834
+ghostscript-gpl-[0-9]*         buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27834
+ghostscript-agpl<10.05.0       buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27835
+ghostscript-gpl-[0-9]*         buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27835
+ghostscript-agpl<10.05.0       buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27836
+ghostscript-gpl-[0-9]*         buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-27836
+ghostscript-agpl<10.05.0       arbitrary-file-read     https://nvd.nist.gov/vuln/detail/CVE-2025-27837
+ghostscript-gpl-[0-9]*         arbitrary-file-read     https://nvd.nist.gov/vuln/detail/CVE-2025-27837
+ghostscript-agpl<10.05.0       directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2025-46646
+ghostscript-gpl-[0-9]*         directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2025-46646
+giflib-[0-9]*  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-39742
+giflib-[0-9]*  buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2023-48161
+giflib-[0-9]*  heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-31344
+giflib-[0-9]*  heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2024-45993
+gifsicle<1.94  heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2023-36193
+gifsicle<1.95  floating-point-exception        https://nvd.nist.gov/vuln/detail/CVE-2023-46009
+gimp<3.0.0     integer-overflow        https://nvd.nist.gov/vuln/detail/CVE-2025-2760
+gimp<3.0.0     out-of-bounds-write     https://nvd.nist.gov/vuln/detail/CVE-2025-2761

Prev by Date: CVS commit: pkgsrc/multimedia/gmplayer
Next by Date: CVS commit: pkgsrc/devel/got
Previous by Thread: CVS commit: pkgsrc/multimedia/gmplayer
Next by Thread: CVS commit: pkgsrc/devel/got
Indexes:

Home | Main Index | Thread Index | Old Index