pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/doc
Module Name: pkgsrc
Committed By: leot
Date: Sat Jan 10 12:22:18 UTC 2026
Modified Files:
pkgsrc/doc: pkg-vulnerabilities
Log Message:
pkg-vulnerabilities: add last 36 hours CVEs
+ curl, fluidsynth, harfbuzz,
libsoup (possible patch under review),
miniflux, py-authlib, py-filelock, py-pdf, py-virtualenv, py-werkzeug, wget2
To generate a diff of this commit:
cvs rdiff -u -r1.710 -r1.711 pkgsrc/doc/pkg-vulnerabilities
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.710 pkgsrc/doc/pkg-vulnerabilities:1.711
--- pkgsrc/doc/pkg-vulnerabilities:1.710 Fri Jan 9 12:02:35 2026
+++ pkgsrc/doc/pkg-vulnerabilities Sat Jan 10 12:22:18 2026
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.710 2026/01/09 12:02:35 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.711 2026/01/10 12:22:18 leot Exp $
#
#FORMAT 1.0.0
#
@@ -29329,3 +29329,22 @@ chromium<143.0.7499.192 code-injection
libtasn1<4.21.0 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-13151
lmdb-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-22185
py{27,310,311,312,313,314}-urllib3<2.6.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-21441
+# curl not built with ngtcp2
+#curl>=8.8.0<8.18.0 improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2025-13034
+curl<8.18.0 improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2025-14017
+curl<8.18.0 sensitive-information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2025-14524
+curl<8.18.0 improper-certificate-validation https://nvd.nist.gov/vuln/detail/CVE-2025-14819
+curl<8.18.0 improper-authorization https://nvd.nist.gov/vuln/detail/CVE-2025-15079
+curl<8.18.0 improper-authentication https://nvd.nist.gov/vuln/detail/CVE-2025-15224
+fluidsynth<2.4.7 null-pointer-dereference https://nvd.nist.gov/vuln/detail/CVE-2025-56225
+harfbuzz<12.3.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-22693
+libsoup-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2026-0719
+miniflux<2.2.16 server-side-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2026-21885
+py{27,310,311,312,313,314}-authlib<1.6.6 cross-site-request-forgery https://nvd.nist.gov/vuln/detail/CVE-2025-68158
+py{27,310,311,312,313,314}-filelock<3.20.3 symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2026-22701
+py{27,310,311,312,313,314}-pdf<6.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-22690
+py{27,310,311,312,313,314}-pdf<6.6.0 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-22691
+py{27,310,311,312,313,314}-virtualenv<20.36.1 symlink-attack https://nvd.nist.gov/vuln/detail/CVE-2026-22702
+py{27,310,311,312,313,314}-werkzeug<3.1.5 input-validation https://nvd.nist.gov/vuln/detail/CVE-2026-21860
+wget2<2.2.1 directory-traversal https://nvd.nist.gov/vuln/detail/CVE-2025-69194
+wget2<2.2.1 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-69195
Home |
Main Index |
Thread Index |
Old Index