CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Wed, 21 Jan 2026 17:53:47 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Wed Jan 21 17:53:47 UTC 2026

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: add last days CVEs

+ ImageMagick{,6}, chromium, freerdp2,
  inetutils (fixed upstream, latest stable release 2.7 affected),
  nodejs, py-jaraco.context,
  py-ply (probably not shared upstream and the project seems no longer active),
  py-weasyprint,
  python (fixed upstream, no stable releases with fixes)


To generate a diff of this commit:
cvs rdiff -u -r1.717 -r1.718 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.717 pkgsrc/doc/pkg-vulnerabilities:1.718
--- pkgsrc/doc/pkg-vulnerabilities:1.717        Mon Jan 19 17:53:04 2026
+++ pkgsrc/doc/pkg-vulnerabilities      Wed Jan 21 17:53:47 2026
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.717 2026/01/19 17:53:04 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.718 2026/01/21 17:53:47 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -29410,3 +29410,82 @@ thunderbird<147                multiple-vulnerabilitie
 thunderbird140<140.7   multiple-vulnerabilities        https://www.mozilla.org/en-US/security/advisories/mfsa2026-05/
 opencc-[0-9]*  out-of-bounds-read      https://nvd.nist.gov/vuln/detail/CVE-2025-15536
 assimp-[0-9]*  use-after-free          https://nvd.nist.gov/vuln/detail/CVE-2025-15538
+ImageMagick<7.1.2.13   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2026-22770
+ImageMagick<7.1.2.13   denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2026-23874
+ImageMagick<7.1.2.13   heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2026-23876
+ImageMagick6<6.9.13.38 heap-overflow           https://nvd.nist.gov/vuln/detail/CVE-2026-23876
+chromium<144.0.7559.59 out-of-bounds-write                     https://nvd.nist.gov/vuln/detail/CVE-2026-0899
+chromium<144.0.7559.59 memory-corruption                       https://nvd.nist.gov/vuln/detail/CVE-2026-0900
+chromium<144.0.7559.59 out-of-bounds-read                      https://nvd.nist.gov/vuln/detail/CVE-2026-0902
+chromium<144.0.7559.59 ui-spoofing                             https://nvd.nist.gov/vuln/detail/CVE-2026-0904
+chromium<144.0.7559.59 sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2026-0905
+chromium<144.0.7559.59 ui-spoofing                             https://nvd.nist.gov/vuln/detail/CVE-2026-0907
+chromium<144.0.7559.59 use-after-free                          https://nvd.nist.gov/vuln/detail/CVE-2026-0908
+freerdp2<3.21.0        heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2026-23530
+freerdp2<3.21.0        heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2026-23531
+freerdp2<3.21.0        heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2026-23532
+freerdp2<3.21.0        heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2026-23533
+freerdp2<3.21.0        heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2026-23534
+freerdp2<3.21.0        heap-overflow   https://nvd.nist.gov/vuln/detail/CVE-2026-23732
+freerdp2<3.21.0        use-after-free  https://nvd.nist.gov/vuln/detail/CVE-2026-23883
+freerdp2<3.21.0        use-after-free  https://nvd.nist.gov/vuln/detail/CVE-2026-23884
+inetutils<2.8  remote-authentication-bypass    https://nvd.nist.gov/vuln/detail/CVE-2026-24061
+nodejs20<20.20.0       security-bypass                         https://nvd.nist.gov/vuln/detail/CVE-2025-55130
+nodejs22<22.22.0       security-bypass                         https://nvd.nist.gov/vuln/detail/CVE-2025-55130
+nodejs24<24.13.0       security-bypass                         https://nvd.nist.gov/vuln/detail/CVE-2025-55130
+nodejs<25.3.0          security-bypass                         https://nvd.nist.gov/vuln/detail/CVE-2025-55130
+nodejs20<20.20.0       sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2025-55131
+nodejs22<22.22.0       sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2025-55131
+nodejs24<24.13.0       sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2025-55131
+nodejs<25.3.0          sensitive-information-disclosure        https://nvd.nist.gov/vuln/detail/CVE-2025-55131
+nodejs20<20.20.0       arbitrary-file-write                    https://nvd.nist.gov/vuln/detail/CVE-2025-55132
+nodejs22<22.22.0       arbitrary-file-write                    https://nvd.nist.gov/vuln/detail/CVE-2025-55132
+nodejs24<24.13.0       arbitrary-file-write                    https://nvd.nist.gov/vuln/detail/CVE-2025-55132
+nodejs<25.3.0          arbitrary-file-write                    https://nvd.nist.gov/vuln/detail/CVE-2025-55132
+nodejs24<24.13.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59464
+nodejs20<20.20.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59465
+nodejs22<22.22.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59465
+nodejs24<24.13.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59465
+nodejs<25.3.0          denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59465
+nodejs20<20.20.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59466
+nodejs22<22.22.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59466
+nodejs24<24.13.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59466
+nodejs<25.3.0          denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2025-59466
+nodejs<25.3.0          security-bypass                         https://nvd.nist.gov/vuln/detail/CVE-2026-21636
+nodejs20<20.20.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2026-21637
+nodejs22<22.22.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2026-21637
+nodejs24<24.13.0       denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2026-21637
+nodejs<25.3.0          denial-of-service                       https://nvd.nist.gov/vuln/detail/CVE-2026-21637
+py{27,310,311,312,313,314}-jaraco.context<6.1.0        directory-traversal     https://nvd.nist.gov/vuln/detail/CVE-2026-23949
+py{27,310,311,312,313,314}-ply-[0-9]*  code-execution  https://nvd.nist.gov/vuln/detail/CVE-2025-56005
+py{27,310,311,312,313,314}-weasyprint<68.0     server-side-request-forgery     https://nvd.nist.gov/vuln/detail/CVE-2025-68616
+python310-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-11468
+python311-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-11468
+python312-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-11468
+python313-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-11468
+python314-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-11468
+python310-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-15282
+python311-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-15282
+python312-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-15282
+python313-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-15282
+python314-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-15282
+python310-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15366
+python311-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15366
+python312-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15366
+python313-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15366
+python314-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15366
+python310-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15367
+python311-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15367
+python312-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15367
+python313-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15367
+python314-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2025-15367
+python310-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0672
+python311-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0672
+python312-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0672
+python313-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0672
+python314-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0672
+python310-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0865
+python311-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0865
+python312-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0865
+python313-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0865
+python314-[0-9]*       http-header-injection   https://nvd.nist.gov/vuln/detail/CVE-2026-0865

Prev by Date: CVS commit: pkgsrc/devel/codeberg-cli
Next by Date: CVS commit: pkgsrc/doc
Previous by Thread: CVS commit: pkgsrc/devel/codeberg-cli
Next by Thread: CVS commit: pkgsrc/doc
Indexes:

Home | Main Index | Thread Index | Old Index