FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  393358
Date:      2015-07-31
Time:      16:36:08Z
Committer: feld

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description

7184f92e-8bb8-11e1-8d7b-003067b2972c | OpenSSL -- integer conversions result in memory corruption

OpenSSL security team reports:

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.


Discovery 2012-04-19
Entry 2012-04-21
openssl
lt 1.0.1_1

CVE-2012-2110
http://marc.info/?l=full-disclosure&m=133483221408243
http://www.openssl.org/news/secadv_20120419.txt

00b0d8cd-7097-11e2-98d9-003067c2616f | OpenSSL -- TLS 1.1, 1.2 denial of service

OpenSSL security team reports:

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1 and TLS 1.2 on AES-NI supporting platforms can be exploited in a DoS attack.

A flaw in the OpenSSL handling of OCSP response verification can be exploited in a denial of service attack.


Discovery 2013-02-05
Entry 2013-02-06
openssl
lt 1.0.1_6

CVE-2012-2686
CVE-2013-0166
CVE-2013-0169
http://www.openssl.org/news/secadv_20120510.txt

dba5d1c9-9f29-11e1-b511-003067c2616f | OpenSSL -- DTLS and TLS 1.1, 1.2 denial of service

OpenSSL security team reports:

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers.


Discovery 2012-05-10
Entry 2012-05-10
openssl
lt 1.0.1_2

CVE-2012-2333
http://www.openssl.org/news/secadv_20120510.txt

5aaa257e-772d-11e3-a65a-3c970e169bc2 | openssl -- multiple vulnerabilities

OpenSSL development team reports:

Major changes between OpenSSL 1.0.1e and OpenSSL 1.0.1f [6 Jan 2014]:

  • Fix for TLS record tampering bug [CVE-2013-4353]
  • Fix for TLS version checking bug [CVE-2013-6449]
  • Fix for DTLS retransmission bug [CVE-2013-6450]

Discovery 2014-01-06
Entry 2014-01-06
openssl
lt 1.0.1_9

CVE-2013-4353
CVE-2013-6449
CVE-2013-6450
http://www.openssl.org/news/openssl-1.0.1-notes.html