pkg-vulnerabilities: restrict CVE-2025-13151

iamleot · iamleot · commit d20f2e408e10 · 2026-01-09T12:02:35.000Z
libtasn1-4.21.0 was released and contains a fix for it.
diff --git a/doc/pkg-vulnerabilities b/doc/pkg-vulnerabilities
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.709 2026/01/08 10:50:24 leot Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.710 2026/01/09 12:02:35 leot Exp $
 #
 #FORMAT 1.0.0
 #
@@ -29326,6 +29326,6 @@ iperf3<3.17	timing-side-channel	https://nvd.nist.gov/vuln/detail/CVE-2024-26306
 iperf3<3.18	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2024-53580
 php>=8.1<8.2		eol	https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages
 chromium<143.0.7499.192 	code-injection	https://nvd.nist.gov/vuln/detail/CVE-2026-0628
-libtasn1-[0-9]*	stack-overflow		https://nvd.nist.gov/vuln/detail/CVE-2025-13151
+libtasn1<4.21.0	stack-overflow		https://nvd.nist.gov/vuln/detail/CVE-2025-13151
 lmdb-[0-9]*	out-of-bounds-read	https://nvd.nist.gov/vuln/detail/CVE-2026-22185
 py{27,310,311,312,313,314}-urllib3<2.6.3	denial-of-service	https://nvd.nist.gov/vuln/detail/CVE-2026-21441

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# $NetBSD: pkg-vulnerabilities,v 1.709 2026/01/08 10:50:24 leot Exp $`
	`1`	`+# $NetBSD: pkg-vulnerabilities,v 1.710 2026/01/09 12:02:35 leot Exp $`
`2`	`2`	`#`
`3`	`3`	`#FORMAT 1.0.0`
`4`	`4`	`#`
`@@ -29326,6 +29326,6 @@ iperf3<3.17 timing-side-channel https://nvd.nist.gov/vuln/detail/CVE-2024-26306`
`29326`	`29326`	`iperf3<3.18 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2024-53580`
`29327`	`29327`	`php>=8.1<8.2 eol https://ftp.NetBSD.org/pub/NetBSD/packages/vulns/eol-packages`
`29328`	`29328`	`chromium<143.0.7499.192 code-injection https://nvd.nist.gov/vuln/detail/CVE-2026-0628`
`29329`		`-libtasn1-[0-9]* stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-13151`
	`29329`	`+libtasn1<4.21.0 stack-overflow https://nvd.nist.gov/vuln/detail/CVE-2025-13151`
`29330`	`29330`	`lmdb-[0-9]* out-of-bounds-read https://nvd.nist.gov/vuln/detail/CVE-2026-22185`
`29331`	`29331`	`py{27,310,311,312,313,314}-urllib3<2.6.3 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2026-21441`