FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  365592
Date:      2014-08-21
Time:      19:46:21Z
Committer: zi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2c2d4e83-2370-11e0-a91b-00e0815b8da8tarsnap -- cryptographic nonce reuse

Colin Percival reports:

In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. (The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk.)

Note that since the Tarsnap client-server protocol is encrypted, being able to intercept Tarsnap client-server traffic does not provide an attacker with access to the data.


Discovery 2011-01-18
Entry 2011-01-19
tarsnap
ge 1.0.22 le 1.0.27

http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html
2c2d4e83-2370-11e0-a91b-00e0815b8da8tarsnap -- cryptographic nonce reuse

Colin Percival reports:

In versions 1.0.22 through 1.0.27 of Tarsnap, the CTR nonce value is not incremented after each chunk is encrypted. (The CTR counter is correctly incremented after each 16 bytes of data was processed, but this counter is reset to zero for each new chunk.)

Note that since the Tarsnap client-server protocol is encrypted, being able to intercept Tarsnap client-server traffic does not provide an attacker with access to the data.


Discovery 2011-01-18
Entry 2011-01-19
tarsnap
ge 1.0.22 le 1.0.27

http://www.daemonology.net/blog/2011-01-18-tarsnap-critical-security-bug.html