FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-18 11:12:36 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
10f7bc76-0335-4a88-b391-0b05b3a8ce1c	NSS -- MD5 downgrade in TLS 1.2 signatures The Mozilla Project reports: Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks. Discovery 2015-12-22 Entry 2015-12-28 nss linux-c6-nss ge 3.20 lt 3.20.2 < 3.19.2.2 linux-firefox < 43.0.2,1 linux-thunderbird < 38.5.1 linux-seamonkey < 2.40 CVE-2015-7575 https://www.mozilla.org/security/advisories/mfsa2015-150/ https://hg.mozilla.org/projects/nss/rev/94e1157f3fbb

VuXML ID

Description

10f7bc76-0335-4a88-b391-0b05b3a8ce1c

NSS -- MD5 downgrade in TLS 1.2 signatures

The Mozilla Project reports:

Security researcher Karthikeyan Bhargavan reported an issue in Network Security Services (NSS) where MD5 signatures in the server signature within the TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This issues exposes NSS based clients such as Firefox to theoretical collision-based forgery attacks.

Discovery 2015-12-22
Entry 2015-12-28
nss
linux-c6-nss

ge 3.20 lt 3.20.2

< 3.19.2.2

linux-firefox

< 43.0.2,1

linux-thunderbird

< 38.5.1

linux-seamonkey

< 2.40

CVE-2015-7575
https://www.mozilla.org/security/advisories/mfsa2015-150/
https://hg.mozilla.org/projects/nss/rev/94e1157f3fbb