CVS commit: pkgsrc/doc

["Havard Eidnes" <he%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   he
Date:           Thu Jun 18 16:01:36 UTC 2026

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
CVE-2021-44917 in gnuplot I read as fixed in 2021, so fix is in 6.0 and newer.

Ref. https://sourceforge.net/p/gnuplot/bugs/2474/ and 6.0's release
date being December 2023.


To generate a diff of this commit:
cvs rdiff -u -r1.765 -r1.766 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.765 pkgsrc/doc/pkg-vulnerabilities:1.766
--- pkgsrc/doc/pkg-vulnerabilities:1.765        Tue Jun 16 07:25:23 2026
+++ pkgsrc/doc/pkg-vulnerabilities      Thu Jun 18 16:01:36 2026
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.765 2026/06/16 07:25:23 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.766 2026/06/18 16:01:36 he Exp $
 #
 #FORMAT 1.0.0
 #
@@ -22504,7 +22504,7 @@ gerbv<2.8.1     integer-overflow        https://nvd
 ghostscript-agpl<9.54  use-after-free  https://nvd.nist.gov/vuln/detail/CVE-2021-45944
 ghostscript-agpl<9.55.0        heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2021-45949
 giftrans-[0-9]*                stack-overflow  https://nvd.nist.gov/vuln/detail/CVE-2021-45972
-gnuplot-[0-9]* denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2021-44917
+gnuplot<6.0    denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2021-44917
 go116<1.16.12  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2021-44716
 go117<1.17.5   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2021-44716
 go116<1.16.12  arbitrary-file-write    https://nvd.nist.gov/vuln/detail/CVE-2021-44717