CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Wed, 15 Oct 2025 10:19:38 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Wed Oct 15 10:19:38 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: add (part of) old CVEs for PKGBASE starting with "g"

+ zabbix-agent, gindent,
  git-base (CVE-2024-52005 not addressed, recommendation is to avoid non-trusted
  repository, probably we should comment it out),
  gitea, glade, glib2, global
  glslang (not fixed),
  gnome-shell, gnupg2, gnuplot, gnutls, go


To generate a diff of this commit:
cvs rdiff -u -r1.617 -r1.618 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.617 pkgsrc/doc/pkg-vulnerabilities:1.618
--- pkgsrc/doc/pkg-vulnerabilities:1.617        Wed Oct 15 09:42:30 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Wed Oct 15 10:19:38 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.617 2025/10/15 09:42:30 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.618 2025/10/15 10:19:38 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -28493,3 +28493,93 @@ firefox140<140.4       multiple-vulnerabilitie
 thunderbird<144                multiple-vulnerabilities        https://www.mozilla.org/en-US/security/advisories/mfsa2025-84/
 thunderbird140<140.4   multiple-vulnerabilities        https://www.mozilla.org/en-US/security/advisories/mfsa2025-85/
 webkit-gtk<2.50.1      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-43343
+zabbix-agent<6.0.18    code-injection  https://nvd.nist.gov/vuln/detail/CVE-2023-29453
+gindent<2.2.14 heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2023-40305
+gindent<2.2.14 heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2024-0911
+git-base<2.6.1 sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-50338
+git-base-[0-9]*        input-validation        https://nvd.nist.gov/vuln/detail/CVE-2024-52005
+git-base<2.26.1        sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-52006
+git-lfs<3.6.1  sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-53263
+gitea<1.17.2   unspecified     https://nvd.nist.gov/vuln/detail/CVE-2022-38795
+gitea<1.19.4   open-redirect   https://nvd.nist.gov/vuln/detail/CVE-2023-3515
+glade<3.40.0   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2020-36774
+glib2<2.74     denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-29499
+glib2<2.74     denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-32611
+glib2<2.74.4   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-32636
+glib2<2.74.4   heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2023-32643
+glib2<2.74.4   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-32665
+glib2<2.80.1   unspecified     https://nvd.nist.gov/vuln/detail/CVE-2024-34397
+glib2<2.82.1   buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2024-52533
+glib2<2.82.5   integer-overflow        https://nvd.nist.gov/vuln/detail/CVE-2025-3360
+glib2<2.84.2   buffer-underflow        https://nvd.nist.gov/vuln/detail/CVE-2025-4373
+global<6.6.13  arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2024-38448
+glslang-[0-9]* null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2025-3010
+# disputed by upstream, considered a feature
+#gnome-settings-daemon-[0-9]*  unspecified     https://nvd.nist.gov/vuln/detail/CVE-2024-38394
+gnome-shell<44.5       security-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-43090
+gnome-shell<44.5       security-bypass https://nvd.nist.gov/vuln/detail/CVE-2023-50977
+gnome-shell<48.0       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-36472
+gnupg2<2.5.5   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-30258
+gnuplot<6.0    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-31176
+gnuplot<6.0    heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2025-31177
+gnuplot<6.0    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-31178
+gnuplot<6.0    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-31179
+gnuplot<6.0    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-31180
+gnuplot<6.1    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-31181
+gnuplot<6.1    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-3359
+gnutls<3.8.8   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-12243
+gnutls<3.8.4   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-28835
+go121<1.21.0   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-24531
+go119<1.19.8   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-24534
+go120<1.20.3   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-24534
+go119<1.19.8   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-24536
+go120<1.20.3   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-24536
+go119<1.19.8   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-24537
+go120<1.20.3   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-24537
+go119<1.19.8   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-24538
+go120<1.20.3   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-24538
+go119<1.19.9   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-24539
+go120<1.20.4   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-24539
+go119<1.19.9   html-attribute-injection        https://nvd.nist.gov/vuln/detail/CVE-2023-29400
+go120<1.20.4   html-attribute-injection        https://nvd.nist.gov/vuln/detail/CVE-2023-29400
+go119<1.19.10  code-injection  https://nvd.nist.gov/vuln/detail/CVE-2023-29402
+go120<1.20.5   code-injection  https://nvd.nist.gov/vuln/detail/CVE-2023-29402
+go119<1.19.10  sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2023-29403
+go120<1.20.5   sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2023-29403
+go119<1.19.10  invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-29404
+go120<1.20.5   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-29404
+go119<1.19.10  invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-29405
+go120<1.20.5   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2023-29405
+go119<1.19.11  http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2023-29406
+go120<1.20.6   http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2023-29406
+go119<1.19.12  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-29409
+go120<1.20.7   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-29409
+go120<1.20.8   cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2023-39318
+go121<1.21.1   cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2023-39318
+go120<1.20.8   cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2023-39319
+go121<1.21.1   cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2023-39319
+go121<1.21.1   arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2023-39320
+go121<1.21.1   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-39322
+go120<1.20.0   timing-side-channel     https://nvd.nist.gov/vuln/detail/CVE-2023-45287
+go121<1.21.8   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-45290
+go122<1.22.1   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2023-45290
+go121<1.21.8   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2024-24784
+go122<1.22.1   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2024-24784
+go121<1.21.8   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2024-24785
+go122<1.22.1   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2024-24785
+go122<1.22.3   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-24788
+go121<1.21.11  invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2024-24789
+go122<1.22.4   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2024-24789
+go121<1.21.11  invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2024-24790
+go122<1.22.4   invalid-validation      https://nvd.nist.gov/vuln/detail/CVE-2024-24790
+go121<1.21.12  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-24791
+go122<1.22.5   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-24791
+go122<1.22.11  sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-45336
+go123<1.23.0   sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-45336
+go122<1.22.11  input-validation        https://nvd.nist.gov/vuln/detail/CVE-2024-45341
+go123<1.23.5   input-validation        https://nvd.nist.gov/vuln/detail/CVE-2024-45341
+go122<1.22.12  timing-side-channel     https://nvd.nist.gov/vuln/detail/CVE-2025-22866
+go123<1.23.6   timing-side-channel     https://nvd.nist.gov/vuln/detail/CVE-2025-22866
+go123<1.23.8   http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2025-22871
+go124<1.24.2   http-request-smuggling  https://nvd.nist.gov/vuln/detail/CVE-2025-22871
+go124<1.24.0   sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2024-45340

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/chat/prosody
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/chat/prosody
Indexes:

Home | Main Index | Thread Index | Old Index