CVS commit: pkgsrc/doc

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/doc
From: "Thomas Klausner" <wiz%netbsd.org@localhost>
Date: Tue, 11 Jun 2024 06:08:04 +0000

Module Name:    pkgsrc
Committed By:   wiz
Date:           Tue Jun 11 06:08:04 UTC 2024

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
doc: add some upper bounds for grafana and gitea

These entries look govulncheck-generated, and govulncheck reports
no problem with the current versions.

Use current version as upper bound (could probably be lowered).


To generate a diff of this commit:
cvs rdiff -u -r1.206 -r1.207 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.206 pkgsrc/doc/pkg-vulnerabilities:1.207
--- pkgsrc/doc/pkg-vulnerabilities:1.206        Sun Jun  9 18:32:17 2024
+++ pkgsrc/doc/pkg-vulnerabilities      Tue Jun 11 06:08:04 2024
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.206 2024/06/09 18:32:17 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.207 2024/06/11 06:08:04 wiz Exp $
 #
 #FORMAT 1.0.0
 #
@@ -21537,7 +21537,7 @@ php{56,72,73,74,80}-nextcloud<21.0.3    inf
 php{56,72,73,74,80}-nextcloud<21.0.3   remote-security-bypass  https://nvd.nist.gov/vuln/detail/CVE-2021-32678
 php{56,72,73,74,80}-nextcloud<21.0.3   information-disclosure  https://nvd.nist.gov/vuln/detail/CVE-2021-32679
 prometheus<2.50.1      insufficiently-random-numbers   https://nvd.nist.gov/vuln/detail/CVE-2021-3538
-grafana-[0-9]* insufficiently-random-numbers   https://nvd.nist.gov/vuln/detail/CVE-2021-3538
+grafana<11     insufficiently-random-numbers   https://nvd.nist.gov/vuln/detail/CVE-2021-3538
 apache-ant<1.9.16              denial-of-service               https://nvd.nist.gov/vuln/detail/CVE-2021-36373
 apache-ant>=1.10<1.10.11       denial-of-service               https://nvd.nist.gov/vuln/detail/CVE-2021-36373
 apache-ant<1.9.16              denial-of-service               https://nvd.nist.gov/vuln/detail/CVE-2021-36374
@@ -25852,8 +25852,8 @@ terraform-provider-aws-[0-9]*   denial-of-
 authelia-[0-9]*        path-traversal  https://pkg.go.dev/vuln/GO-2022-0355
 authelia-[0-9]*        out-of-bounds-read      https://pkg.go.dev/vuln/GO-2021-0113
 apisprout-[0-9]*       denial-of-service       https://pkg.go.dev/vuln/GO-2021-0061
-gitea-[0-9]*   man-in-the-middle       https://pkg.go.dev/vuln/GO-2023-2402
-gitea-[0-9]*   improper-rendering      https://pkg.go.dev/vuln/GO-2023-1988
+gitea<1.22     man-in-the-middle       https://pkg.go.dev/vuln/GO-2023-2402
+gitea<1.22     improper-rendering      https://pkg.go.dev/vuln/GO-2023-1988
 openssh<9.6    command-injection       https://nvd.nist.gov/vuln/detail/CVE-2023-51385
 libssh<0.10.6  command-injection       https://nvd.nist.gov/vuln/detail/CVE-2023-6004
 p5-Spreadsheet-ParseExcel<0.6600               remote-code-execution   https://nvd.nist.gov/vuln/detail/CVE-2023-7101

Prev by Date: CVS commit: pkgsrc/print/luatex
Next by Date: CVS commit: pkgsrc/security/mozilla-rootcerts-openssl
Previous by Thread: CVS commit: pkgsrc/print/luatex
Next by Thread: CVS commit: pkgsrc/security/mozilla-rootcerts-openssl
Indexes:

Home | Main Index | Thread Index | Old Index