FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  368362
Date:      2014-09-17
Time:      11:04:33Z
Committer: kwm

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
856a6f84-8b30-11de-8062-00e0815b8da8GnuTLS -- improper SSL certificate verification

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.


Discovery 2009-08-11
Entry 2009-08-17
gnutls
lt 2.8.3

gnutls-devel
lt 2.9.0

CVE-2009-2730
http://article.gmane.org/gmane.network.gnutls.general/1733
http://secunia.com/advisories/36266
64bf6234-520d-11db-8f1a-000a48049292gnutls -- RSA Signature Forgery Vulnerability

Secunia reports:

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the verification of certain signatures. If a RSA key with exponent 3 is used, it may be possible to forge PKCS #1 v1.5 signatures signed with that key.


Discovery 2006-09-08
Entry 2006-10-02
gnutls
gnutls-devel
lt 1.4.4

20027
CVE-2006-4790
http://secunia.com/advisories/21937
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
64bf6234-520d-11db-8f1a-000a48049292gnutls -- RSA Signature Forgery Vulnerability

Secunia reports:

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error in the verification of certain signatures. If a RSA key with exponent 3 is used, it may be possible to forge PKCS #1 v1.5 signatures signed with that key.


Discovery 2006-09-08
Entry 2006-10-02
gnutls
gnutls-devel
lt 1.4.4

20027
CVE-2006-4790
http://secunia.com/advisories/21937
http://lists.gnupg.org/pipermail/gnutls-dev/2006-September/001205.html
b31a1088-460f-11de-a11a-0022156e8794GnuTLS -- multiple vulnerabilities

SecurityFocus reports:

GnuTLS is prone to multiple remote vulnerabilities:

  • A remote code-execution vulnerability.
  • A denial-of-service vulnerability.
  • A signature-generation vulnerability.
  • A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.


Discovery 2009-05-21
Entry 2009-08-17
gnutls
lt 2.6.6

gnutls-devel
lt 2.7.8

CVE-2009-1415
CVE-2009-1416
CVE-2009-1417
34783
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
856a6f84-8b30-11de-8062-00e0815b8da8GnuTLS -- improper SSL certificate verification

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.


Discovery 2009-08-11
Entry 2009-08-17
gnutls
lt 2.8.3

gnutls-devel
lt 2.9.0

CVE-2009-2730
http://article.gmane.org/gmane.network.gnutls.general/1733
http://secunia.com/advisories/36266
b31a1088-460f-11de-a11a-0022156e8794GnuTLS -- multiple vulnerabilities

SecurityFocus reports:

GnuTLS is prone to multiple remote vulnerabilities:

  • A remote code-execution vulnerability.
  • A denial-of-service vulnerability.
  • A signature-generation vulnerability.
  • A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.


Discovery 2009-05-21
Entry 2009-08-17
gnutls
lt 2.6.6

gnutls-devel
lt 2.7.8

CVE-2009-1415
CVE-2009-1416
CVE-2009-1417
34783
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517