CVS commit: pkgsrc/doc

["Thomas Klausner" <wiz%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   wiz
Date:           Tue Sep 10 07:55:15 UTC 2024

Modified Files:
        pkgsrc/doc: pkg-vulnerabilities

Log Message:
doc: add upper bounds for Python vulnerabilities


To generate a diff of this commit:
cvs rdiff -u -r1.256 -r1.257 pkgsrc/doc/pkg-vulnerabilities

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/doc/pkg-vulnerabilities
diff -u pkgsrc/doc/pkg-vulnerabilities:1.256 pkgsrc/doc/pkg-vulnerabilities:1.257
--- pkgsrc/doc/pkg-vulnerabilities:1.256        Mon Sep  9 20:24:57 2024
+++ pkgsrc/doc/pkg-vulnerabilities      Tue Sep 10 07:55:14 2024
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.256 2024/09/09 20:24:57 wiz Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.257 2024/09/10 07:55:14 wiz Exp $
 #
 #FORMAT 1.0.0
 #
@@ -26058,11 +26058,11 @@ unbound<1.21.0                denial-of-service       https:
 webkit-gtk<2.44.3      heap-corruption https://nvd.nist.gov/vuln/detail/CVE-2024-4558
 py{38,39,310,311,312}-WebOb<1.8.8      open-redirect   https://nvd.nist.gov/vuln/detail/CVE-2024-42353
 vim<9.1.0689   heap-buffer-overflow    https://github.com/vim/vim/security/advisories/GHSA-v2x2-cjcg-f9jm
-python38-[0-9]*        infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
-python39-[0-9]*        infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
-python310-[0-9]*       infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
-python311-[0-9]*       infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
-python312-[0-9]*       infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
+python38<3.8.20        infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
+python39<3.9.20        infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
+python310<3.10.15      infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
+python311<3.11.10      infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
+python312<3.12.6       infinite-loop   https://nvd.nist.gov/vuln/detail/CVE-2024-8088
 apr<1.7.5      privilege-escalation    https://nvd.nist.gov/vuln/detail/CVE-2023-49582
 vim<9.1.0697   heap-buffer-overflow    https://github.com/vim/vim/security/advisories/GHSA-4ghr-c62x-cqfh
 vim<9.1.0707   heap-buffer-overflow    https://github.com/vim/vim/security/advisories/GHSA-wxf9-c5gx-qrwr
@@ -26075,11 +26075,11 @@ go123<1.23.1  denial-of-service       https://n
 expat<2.6.3    arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2024-45490
 expat<2.6.3    arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2024-45491
 expat<2.6.3    arbitrary-code-execution        https://nvd.nist.gov/vuln/detail/CVE-2024-45492
-python38-[0-9]*        denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
-python39-[0-9]*        denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
-python310-[0-9]*       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
-python311-[0-9]*       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
-python312-[0-9]*       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
+python38<3.8.20        denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
+python39<3.9.20        denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
+python310<3.10.15      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
+python311<3.11.10      denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
+python312<3.12.6       denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6232
 openssl<3.3.2  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-6119
 py{38,39,310,311,312}-django>=4<4.2.16 denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-45230
 py{38,39,310,311,312}-django>=5<5.1.1  denial-of-service       https://nvd.nist.gov/vuln/detail/CVE-2024-45230