FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  374986
Date:      2014-12-20
Time:      00:21:30Z
Committer: delphij

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7184f92e-8bb8-11e1-8d7b-003067b2972cOpenSSL -- integer conversions result in memory corruption

OpenSSL security team reports:

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.


Discovery 2012-04-19
Entry 2012-04-21
openssl
lt 1.0.1_1

CVE-2012-2110
http://marc.info/?l=full-disclosure&m=133483221408243
http://www.openssl.org/news/secadv_20120419.txt
dba5d1c9-9f29-11e1-b511-003067c2616fOpenSSL -- DTLS and TLS 1.1, 1.2 denial of service

OpenSSL security team reports:

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers.


Discovery 2012-05-10
Entry 2012-05-10
openssl
lt 1.0.1_2

CVE-2012-2333
http://www.openssl.org/news/secadv_20120510.txt
7184f92e-8bb8-11e1-8d7b-003067b2972cOpenSSL -- integer conversions result in memory corruption

OpenSSL security team reports:

A potentially exploitable vulnerability has been discovered in the OpenSSL function asn1_d2i_read_bio. Any application which uses BIO or FILE based functions to read untrusted DER format data is vulnerable. Affected functions are of the form d2i_*_bio or d2i_*_fp, for example d2i_X509_bio or d2i_PKCS12_fp.


Discovery 2012-04-19
Entry 2012-04-21
openssl
lt 1.0.1_1

CVE-2012-2110
http://marc.info/?l=full-disclosure&m=133483221408243
http://www.openssl.org/news/secadv_20120419.txt
dba5d1c9-9f29-11e1-b511-003067c2616fOpenSSL -- DTLS and TLS 1.1, 1.2 denial of service

OpenSSL security team reports:

A flaw in the OpenSSL handling of CBC mode ciphersuites in TLS 1.1, 1.2 and DTLS can be exploited in a denial of service attack on both clients and servers.


Discovery 2012-05-10
Entry 2012-05-10
openssl
lt 1.0.1_2

CVE-2012-2333
http://www.openssl.org/news/secadv_20120510.txt