pkg-vulnerabilities: add upper bound for prometheus

0-wiz-0 · 0-wiz-0 · commit 823a6d7f9487 · 2024-03-03T12:55:49.000Z
The current prometheus is not using the vulnerable library any longer,
but I can't easily find out when that happened, so mark today's version
as fixed.
diff --git a/doc/pkg-vulnerabilities b/doc/pkg-vulnerabilities
@@ -1,4 +1,4 @@
-# $NetBSD: pkg-vulnerabilities,v 1.143 2024/02/27 13:37:50 tm Exp $
+# $NetBSD: pkg-vulnerabilities,v 1.144 2024/03/03 12:55:49 wiz Exp $
 #
 #FORMAT 1.0.0
 #
@@ -21538,7 +21538,7 @@ php{56,72,73,74,80}-nextcloud<21.0.3	information-disclosure	https://nvd.nist.gov
 php{56,72,73,74,80}-nextcloud<21.0.3	information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2021-32680
 php{56,72,73,74,80}-nextcloud<21.0.3	remote-security-bypass	https://nvd.nist.gov/vuln/detail/CVE-2021-32678
 php{56,72,73,74,80}-nextcloud<21.0.3	information-disclosure	https://nvd.nist.gov/vuln/detail/CVE-2021-32679
-prometheus-[0-9]*	insufficiently-random-numbers	https://nvd.nist.gov/vuln/detail/CVE-2021-3538
+prometheus<2.50.1	insufficiently-random-numbers	https://nvd.nist.gov/vuln/detail/CVE-2021-3538
 grafana-[0-9]*	insufficiently-random-numbers	https://nvd.nist.gov/vuln/detail/CVE-2021-3538
 apache-ant<1.9.16		denial-of-service		https://nvd.nist.gov/vuln/detail/CVE-2021-36373
 apache-ant>=1.10<1.10.11	denial-of-service		https://nvd.nist.gov/vuln/detail/CVE-2021-36373

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-# $NetBSD: pkg-vulnerabilities,v 1.143 2024/02/27 13:37:50 tm Exp $`
	`1`	`+# $NetBSD: pkg-vulnerabilities,v 1.144 2024/03/03 12:55:49 wiz Exp $`
`2`	`2`	`#`
`3`	`3`	`#FORMAT 1.0.0`
`4`	`4`	`#`
`@@ -21538,7 +21538,7 @@ php{56,72,73,74,80}-nextcloud<21.0.3 information-disclosure https://nvd.nist.gov`
`21538`	`21538`	`php{56,72,73,74,80}-nextcloud<21.0.3 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-32680`
`21539`	`21539`	`php{56,72,73,74,80}-nextcloud<21.0.3 remote-security-bypass https://nvd.nist.gov/vuln/detail/CVE-2021-32678`
`21540`	`21540`	`php{56,72,73,74,80}-nextcloud<21.0.3 information-disclosure https://nvd.nist.gov/vuln/detail/CVE-2021-32679`
`21541`		`-prometheus-[0-9]* insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538`
	`21541`	`+prometheus<2.50.1 insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538`
`21542`	`21542`	`grafana-[0-9]* insufficiently-random-numbers https://nvd.nist.gov/vuln/detail/CVE-2021-3538`
`21543`	`21543`	`apache-ant<1.9.16 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-36373`
`21544`	`21544`	`apache-ant>=1.10<1.10.11 denial-of-service https://nvd.nist.gov/vuln/detail/CVE-2021-36373`