CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Tue, 21 Oct 2025 12:32:16 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Tue Oct 21 12:32:16 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: restrict some fluent-bit CVEs

They were fixed upstream via
<https://github.com/fluent/fluent-bit/commit/7636151cd27353ffeaf606e516c95d567beaa77a>.

Pointed out via <https://github.com/lmarch2/poc/issues/1>.


To generate a diff of this commit:
cvs rdiff -u -r1.634 -r1.635 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.634 pkgsrc/doc/pkg-vulnerabilities:1.635
--- pkgsrc/doc/pkg-vulnerabilities:1.634        Mon Oct 20 08:44:31 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Tue Oct 21 12:32:16 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.634 2025/10/20 08:44:31 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.635 2025/10/21 12:32:16 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -28332,8 +28332,8 @@ fluent-bit<1.8.0        heap-overflow   https://n
 fluent-bit<2.2.2       null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2024-23722
 fluent-bit<3.2.7       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-50608
 fluent-bit<3.2.7       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-50609
-fluent-bit-[0-9]*      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-29477
-fluent-bit-[0-9]*      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-29478
+fluent-bit<4.0.1       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-29477
+fluent-bit<4.0.1       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-29478
 fluent-bit-[0-9]*      use-after-free  https://nvd.nist.gov/vuln/detail/CVE-2024-26455
 freeimage-[0-9]*       integer-overflow        https://nvd.nist.gov/vuln/detail/CVE-2023-47992
 freeimage-[0-9]*       out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2023-47993

Prev by Date: CVS commit: pkgsrc/doc
Next by Date: CVS commit: pkgsrc/ham/gr-osmosdr
Previous by Thread: CVS commit: pkgsrc/doc
Next by Thread: CVS commit: pkgsrc/ham/gr-osmosdr
Indexes:

Home | Main Index | Thread Index | Old Index