pkgsrc-Changes archive
CVS commit: pkgsrc/doc
Module Name: pkgsrc
Committed By: leot
Date: Thu Mar 19 22:05:30 UTC 2026
Modified Files:
pkgsrc/doc: pkg-vulnerabilities
Log Message:
pkg-vulnerabilities: add last days CVEs
+ ImageMagick{,6},
binutils (no reference to upstream, recheck if fixed once upstream bug
reports/information are available),
cpp-httplib, expat, ffmpeg,
giflib (no upstream information, assume not fixed),
glpi, gpac, gst-plugins1-{good,bad,ugly},
htslib,
inetutils (no stable release with fixes),
jenkins,
libarchive (not fixed, possible PR under review),
libexif (fixed upstream, no stable release with fix),
libsoup (some not fixed),
mongo-c-driver, mongodb, mumble,
ncurses (under discussion, double-check later, assume valid and not fixed),
nghttp2, p5-XML-Parser, p5-YAML-Syck, py-Glances, py-OpenSSL, py-asn1,
py-authlib, py-simpleeval,
python (no stable releases with the fix),
radare2, samtools, wolfssl, xpdf
To generate a diff of this commit:
cvs rdiff -u -r1.751 -r1.752 pkgsrc/doc/pkg-vulnerabilities
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.751 pkgsrc/doc/pkg-vulnerabilities:1.752
--- pkgsrc/doc/pkg-vulnerabilities:1.751 Tue Mar 17 20:53:53 2026
+++ pkgsrc/doc/pkg-vulnerabilities Thu Mar 19 22:05:29 2026
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.751 2026/03/17 20:53:53 bouyer Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.752 2026/03/19 22:05:29 leot Exp $
#
#FORMAT 1.0.0
#
@@ -30205,3 +30205,99 @@ zabbix-server-{mysql,postgresql}<6.0.41
zookeeper<3.8.6 improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2026-24281
zookeeper<3.8.6 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-24308
firefox<148.0.2 multiple-vulnerabilities https://www.mozilla.org/en-US/security/advisories/mfsa2026-19/
+ImageMagick<7.1.2.17 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-32636
+ImageMagick6<6.9.13.42 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-32636
+binutils-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-3441
+binutils-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-3442
+cpp-httplib<0.37.2 improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2026-32627
+expat<2.7.5 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2026-32776
+expat<2.7.5 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-32777
+expat<2.7.5 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2026-32778
+ffmpeg8<8.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-69693
+giflib-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-26740
+php{56,74,81,82,83,84}-glpi<11.0.6 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-25936
+php{56,74,81,82,83,84}-glpi<11.0.6 improper-authentication https://nvd.nist.gov/vuln/detail/CVE-2026-25937
+gpac<26.02.0 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-4185
+gst-plugins1-ugly<1.28.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2920
+gst-plugins1-base<1.28.1 integer-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2921
+gst-plugins1-ugly<1.28.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-2922
+gst-plugins1-bad<1.28.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-2923
+gst-plugins1-bad<1.28.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-3081
+gst-plugins1-bad<1.28.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-3082
+gst-plugins1-good<1.28.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-3083
+gst-plugins1-bad<1.28.1 integer-underflow https://nvd.nist.gov/vuln/detail/CVE-2026-3084
+gst-plugins1-good<1.28.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-3085
+gst-plugins1-bad<1.28.1 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-3086
+htslib<1.21.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-31962
+htslib<1.21.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-31963
+htslib<1.21.1 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2026-31964
+htslib<1.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-31965
+htslib<1.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-31966
+htslib<1.21.1 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-31967
+htslib<1.21.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-31968
+htslib<1.21.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-31969
+htslib<1.21.1 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-31970
+htslib<1.21.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-31971
+inetutils-[0-9]* sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-32772
+jenkins<2.541.3 symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2026-33001
+jenkins<2.426.4 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2026-33002
+libarchive-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-4424
+libarchive-[0-9]* denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-4426
+libexif-[0-9]* integer-underflow https://nvd.nist.gov/vuln/detail/CVE-2026-32775
+libsoup3<3.6.6 integer-underflow https://nvd.nist.gov/vuln/detail/CVE-2026-2369
+libsoup-[0-9]* http-request-smuggling https://nvd.nist.gov/vuln/detail/CVE-2026-3632
+libsoup-[0-9]* crlf-attack https://nvd.nist.gov/vuln/detail/CVE-2026-3633
+libsoup-[0-9]* crlf-attack https://nvd.nist.gov/vuln/detail/CVE-2026-3634
+libsoup-[0-9]* use-after-free https://nvd.nist.gov/vuln/detail/CVE-2026-4271
+mongo-c-driver<2.2.3 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-4359
+mongodb<7.0.31 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-4147
+mongodb<7.0.31 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2026-4148
+mongodb<7.0.31 double-free https://nvd.nist.gov/vuln/detail/CVE-2026-4358
+mumble<1.6.870 out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2025-71264
+ncurses-[0-9]* buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-69720
+nghttp2<1.68.1 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-27135
+p5-XML-Parser<2.48 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2006-10002
+p5-XML-Parser<2.48 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2006-10003
+p5-YAML-Syck<1.37 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-4177
+py{27,310,311,312,313,314}-Glances<4.5.2 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2026-32596
+py{27,310,311,312,313,314}-Glances<4.5.2 command-injection https://nvd.nist.gov/vuln/detail/CVE-2026-32608
+py{27,310,311,312,313,314}-Glances<4.5.2 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-32609
+py{27,310,311,312,313,314}-Glances<4.5.2 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2026-32610
+py{27,310,311,312,313,314}-Glances<4.5.2 sql-injection https://nvd.nist.gov/vuln/detail/CVE-2026-32611
+py{27,310,311,312,313,314}-Glances<4.5.2 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-32632
+py{27,310,311,312,313,314}-Glances<4.5.2 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-32633
+py{27,310,311,312,313,314}-Glances<4.5.2 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2026-32634
+py{27,310,311,312,313,314}-OpenSSL<26.0.0 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2026-27448
+py{27,310,311,312,313,314}-OpenSSL<26.0.0 buffer-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-27459
+py{27,310,311,312,313,314}-asn1<0.6.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-30922
+py{27,310,311,312,313,314}-authlib<1.6.9 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2026-27962
+py{27,310,311,312,313,314}-authlib<1.6.9 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2026-28490
+py{27,310,311,312,313,314}-authlib<1.6.9 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2026-28498
+py{27,310,311,312,313,314}-simpleeval<1.0.5 code-injection https://nvd.nist.gov/vuln/detail/CVE-2026-32640
+python310-[0-9]* path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-3479
+python311-[0-9]* path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-3479
+python312-[0-9]* path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-3479
+python313-[0-9]* path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-3479
+python314-[0-9]* path-traversal https://nvd.nist.gov/vuln/detail/CVE-2026-3479
+python310-[0-9]* input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-3644
+python311-[0-9]* input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-3644
+python312-[0-9]* input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-3644
+python313-[0-9]* input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-3644
+python314-[0-9]* input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-3644
+python310-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-4224
+python311-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-4224
+python312-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-4224
+python313-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-4224
+python314-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-4224
+radare2<6.1.2 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-4174
+samtools<1.21.1 use-after-free https://nvd.nist.gov/vuln/detail/CVE-2026-31972
+samtools<1.21.1 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2026-31973
+wolfssl<5.9.0 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-0819
+wolfssl<5.9.0 integer-underflow https://nvd.nist.gov/vuln/detail/CVE-2026-1005
+wolfssl<5.9.0 security-bypass https://nvd.nist.gov/vuln/detail/CVE-2026-2645
+wolfssl<5.9.0 heap-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-2646
+wolfssl<5.9.0 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2026-3503
+wolfssl<5.9.0 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-3548
+wolfssl<5.9.0 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2026-3579
+wolfssl<5.9.0 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2026-3580
+xpdf<4.0.7 out-of-bounds-write https://nvd.nist.gov/vuln/detail/CVE-2026-4407
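Review bot: On the CVE-2026-33002 line the bound is jenkins<2.426.4, while the CVE-2026-33001 line directly above it uses jenkins<2.541.3; a bound that far below its neighbour in the same batch looks like a typo or a value taken from a different release line, so please re-check it against the advisory and correct it if both fixes landed in the same release. Separately, the four libsoup-[0-9]* entries (CVE-2026-3632, CVE-2026-3633, CVE-2026-3634, CVE-2026-4271) do not match libsoup3 packages, which this hunk covers only for CVE-2026-2369 via libsoup3<3.6.6; if libsoup3 is also affected and unfixed, it needs its own libsoup3-[0-9]* lines. The hunk also adds gst-plugins1-base<1.28.1 (CVE-2026-2921), which the gst-plugins1-{good,bad,ugly} list in the log message does not mention.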