CVS commit: pkgsrc/doc

["Leonardo Taccari" <leot%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   leot
Date:           Wed Nov 19 21:57:11 UTC 2025

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: add last 36 hours CVEs

+ chromium, drupal,
  grub2 (all fixed upstream, 2.12 affected, no stable releases with the fix),
  haproxy, libvirt, mongo-c-driver, php-piwigo, py-cbor2,
  rsync (fixed upstream, latest stable release 3.4.1 affected)


To generate a diff of this commit:
cvs rdiff -u -r1.666 -r1.667 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.666 pkgsrc/doc/pkg-vulnerabilities:1.667
--- pkgsrc/doc/pkg-vulnerabilities:1.666        Mon Nov 17 13:38:05 2025
+++ pkgsrc/doc/pkg-vulnerabilities      Wed Nov 19 21:57:11 2025
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.666 2025/11/17 13:38:05 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.667 2025/11/19 21:57:11 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -28929,3 +28929,26 @@ postgresql-server>=18<18.1     denial-of-ser
 radare2<6.0.5  null-pointer-derference https://nvd.nist.gov/vuln/detail/CVE-2025-63744
 radare2<6.0.5  null-pointer-derference https://nvd.nist.gov/vuln/detail/CVE-2025-63745
 qjson-[0-9]*   eol             https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
+chromium<142.0.7444.175        heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-13223
+chromium<142.0.7444.175        heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-13224
+chromium<142.0.7444.59 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-13226
+chromium<142.0.7444.59 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-13227
+chromium<142.0.7444.59 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-13228
+chromium<142.0.7444.59 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-13229
+chromium<142.0.7444.59 heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2025-13230
+drupal<11.1.9  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-13080
+drupal<11.1.9  php-object-injection    https://nvd.nist.gov/vuln/detail/CVE-2025-13081
+drupal<11.1.9  ui-spoofing             https://nvd.nist.gov/vuln/detail/CVE-2025-13082
+drupal<11.1.9  information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2025-13083
+grub2-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-54770
+grub2-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-54771
+grub2-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-61661
+grub2-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-61662
+grub2-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-61663
+grub2-[0-9]*   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-61664
+haproxy<3.2.6  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-11230
+libvirt<11.10.0        sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2025-13193
+mongo-c-driver<1.30.6  null-pointer-dereference        https://nvd.nist.gov/vuln/detail/CVE-2025-12119
+php{56,74,81,82,83,84}-piwigo<15.6.0           account-impersonation           https://nvd.nist.gov/vuln/detail/CVE-2025-62406
+py{27,39,310,311,312,313,314}-cbor2<5.7.1      multiple-vulnerabilities        https://nvd.nist.gov/vuln/detail/CVE-2025-64076
+rsync-[0-9]*   out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-10158