pkgsrc-WIP-changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
gnurl: Add file on CVEs.
Module Name: pkgsrc-wip
Committed By: nikita <nikita%NetBSD.org@localhost>
Pushed By: nikita
Date: Fri Apr 1 11:40:36 2022 +0200
Changeset: b4053d45610956b0b04e1bac3aea487e9b4a0a85
Added Files:
gnurl/gnurl-CVEs
Log Message:
gnurl: Add file on CVEs.
To see a diff of this commit:
https://wip.pkgsrc.org/cgi-bin/gitweb.cgi?p=pkgsrc-wip.git;a=commitdiff;h=b4053d45610956b0b04e1bac3aea487e9b4a0a85
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
diffstat:
gnurl/gnurl-CVEs | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diffs:
diff --git a/gnurl/gnurl-CVEs b/gnurl/gnurl-CVEs
new file mode 100644
index 0000000000..ace2edbd4e
--- /dev/null
+++ b/gnurl/gnurl-CVEs
@@ -0,0 +1,22 @@
+This is an outdated, currently unmaintained software.
+The following is a list of CVEs checked against since its
+last release (7.72.0) against an upstream CVE list up until
+7.82.0 with no warranty of completion or correctness.
+
+CVE-2020-8286 (fixed in cURL 7.74.0) does not apply (only applies if the designated TLS Backend is OpenSSL).
+CVE-2020-8284 (fixed in cURL 7.74.0) does not apply, as gnurl is built without FTP support.
+CVE-2020-8285 (fixed in cURL 7.74.0) most likely does not apply for the same reason.
+CVE-2021-22876 (fixed in cURL 7.76.0) does not apply in the upstream user wip/gnunet, as it makes no use of CURLOPT_AUTOREFERER.
+CVE-2021-22890: ?
+CVE-2021-22897 (fixed in cURL 7.61.0) does not apply in the upstream user wip/gnunet, as it makes no use of CURLOPT_SSL_CIPHER_LIST.
+CVE-2021-22898 (fixed in cURL 7.61.0) does not apply, as gnurl is built without Telnet support.
+CVE-2021-22901 (fixed in cURL 7.77.0) does not apply, as gnurl is built without OpenSSL.
+CVE-2021-22924: ?
+CVE-2021-22926 (fixed in cURL 7.78.0) most likely does not apply, as gnurl does not support being built on macOS built to use Secure Transport.
+CVE-2021-22922 (fixed in cURL 7.78.0) does not apply, as gnurl is built without libmetalink.
+CVE-2021-22923 (fixed in cURL 7.78.0) does not apply, as gnurl is built without libmetalink.
+CVE-2021-22924 (fixed in cURL 7.78.0): ?
+CVE-2021-22925 (fixed in cURL 7.78.0) does not apply, as gnurl is built without Telnet support.
+CVE-2021-22945 (fixed in cURL 7.79.0) does not apply, as the current gnurl release is based on curl 7.72.0 and did not enable experimental features.
+CVE-2021-22946 (fixed in cURL 7.79.0): ?
+CVE-2021-22947 (fixed in cURL 7.79.0) does not apply, as gnurl is built without IMAP, POP3, SMTP and FTP support.
\ No newline at end of file
Home |
Main Index |
Thread Index |
Old Index