FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368515
Date:      2014-09-18
Time:      19:53:09Z
Committer: madpilot

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2ecb7b20-d97e-11e0-b2e2-00215c6a37bbOpenSSL -- multiple vulnerabilities

OpenSSL Team reports:

Two security flaws have been fixed in OpenSSL 1.0.0e

Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. (CVE-2011-3207)

OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order. (CVE-2011-3210)


Discovery 2011-09-06
Entry 2011-09-07
Modified 2014-04-10
openssl
ge 1.0.0 lt 1.0.0_6

ge 0.9.8 lt 1.0.0

linux-f10-openssl
ge 0.9.8 lt 0.9.8r

CVE-2011-3207
CVE-2011-3210
http://www.openssl.org/news/secadv_20110906.txt
82b55df8-4d5a-11de-8811-0030843d3802openssl -- denial of service in DTLS implementation

Secunia reports:

Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS.

The library does not limit the number of buffered DTLS records with a future epoch. This can be exploited to exhaust all available memory via specially crafted DTLS packets.

An error when processing DTLS messages can be exploited to exhaust all available memory by sending a large number of out of sequence handshake messages.


Discovery 2009-05-18
Entry 2009-05-30
Modified 2014-04-10
openssl
ge 0.9.8 lt 0.9.8k_1

linux-f10-openssl
ge 0.9.8f lt 0.9.8m

CVE-2009-1377
CVE-2009-1378
http://secunia.com/advisories/35128/