CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Leonardo Taccari" <leot%netbsd.org@localhost>
Date: Wed, 21 Jan 2026 21:30:49 +0000

Module Name:    pkgsrc
Committed By:   leot
Date:           Wed Jan 21 21:30:49 UTC 2026

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
pkg-vulnerabilities: add last 12 hours CVEs

+ bind, glib2 (fixed in 2.87.1, unclear if 2.86.x is affected and/or will get a
  backport),
  moodle (no further details, assume not fixed and maybe not even reported
  upstream),
  php-phpgadmin (no further details, assume not fixed and maybe not even
  reported upstream),
  proftpd (no further details, assume not fixed and maybe not even
  reported upstream),
  python (fixed upstream, no stable releases with the fix)


To generate a diff of this commit:
cvs rdiff -u -r1.719 -r1.720 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.719 pkgsrc/doc/pkg-vulnerabilities:1.720
--- pkgsrc/doc/pkg-vulnerabilities:1.719        Wed Jan 21 18:08:52 2026
+++ pkgsrc/doc/pkg-vulnerabilities      Wed Jan 21 21:30:49 2026
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.719 2026/01/21 18:08:52 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.720 2026/01/21 21:30:49 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -29493,3 +29493,13 @@ mysql-server<8.0.45    multiple-vulnerabili
 openjdk11<11.0.30      multiple-vulnerabilities        https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA
 openjdk17<17.0.18      multiple-vulnerabilities        https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA
 openjdk21<21.0.10      multiple-vulnerabilities        https://www.oracle.com/security-alerts/cpujan2026.html#AppendixJAVA
+bind<9.18.44           denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2025-13878
+glib2<2.87.1           denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2026-0988
+moodle-[0-9]*          cross-site-scripting    https://nvd.nist.gov/vuln/detail/CVE-2021-47857
+php{56,74,81,82,83,84}-phppgadmin-[0-9]*       command-injection       https://nvd.nist.gov/vuln/detail/CVE-2021-47853
+proftpd-[0-9]*         denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2021-47865
+python310-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-12781
+python311-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-12781
+python312-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-12781
+python313-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-12781
+python314-[0-9]*       input-validation        https://nvd.nist.gov/vuln/detail/CVE-2025-12781

Prev by Date: CVS commit: pkgsrc/www/palemoon-gtk3
Next by Date: Re: CVS commit: pkgsrc/lang/rust
Previous by Thread: CVS commit: pkgsrc/www/palemoon-gtk3
Next by Thread: Re: CVS commit: pkgsrc/lang/rust
Indexes:

Home | Main Index | Thread Index | Old Index