FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  369658
Date:      2014-09-30
Time:      20:09:32Z
Committer: brd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
856a6f84-8b30-11de-8062-00e0815b8da8GnuTLS -- improper SSL certificate verification

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.


Discovery 2009-08-11
Entry 2009-08-17
gnutls
lt 2.8.3

gnutls-devel
lt 2.9.0

CVE-2009-2730
http://article.gmane.org/gmane.network.gnutls.general/1733
http://secunia.com/advisories/36266
856a6f84-8b30-11de-8062-00e0815b8da8GnuTLS -- improper SSL certificate verification

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.


Discovery 2009-08-11
Entry 2009-08-17
gnutls
lt 2.8.3

gnutls-devel
lt 2.9.0

CVE-2009-2730
http://article.gmane.org/gmane.network.gnutls.general/1733
http://secunia.com/advisories/36266
b31a1088-460f-11de-a11a-0022156e8794GnuTLS -- multiple vulnerabilities

SecurityFocus reports:

GnuTLS is prone to multiple remote vulnerabilities:

  • A remote code-execution vulnerability.
  • A denial-of-service vulnerability.
  • A signature-generation vulnerability.
  • A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.


Discovery 2009-05-21
Entry 2009-08-17
gnutls
lt 2.6.6

gnutls-devel
lt 2.7.8

CVE-2009-1415
CVE-2009-1416
CVE-2009-1417
34783
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517
b31a1088-460f-11de-a11a-0022156e8794GnuTLS -- multiple vulnerabilities

SecurityFocus reports:

GnuTLS is prone to multiple remote vulnerabilities:

  • A remote code-execution vulnerability.
  • A denial-of-service vulnerability.
  • A signature-generation vulnerability.
  • A signature-verification vulnerability.

An attacker can exploit these issues to potentially execute arbitrary code, trigger denial-of-service conditions, carry out attacks against data signed with weak signatures, and cause clients to accept expired or invalid certificates from servers.


Discovery 2009-05-21
Entry 2009-08-17
gnutls
lt 2.6.6

gnutls-devel
lt 2.7.8

CVE-2009-1415
CVE-2009-1416
CVE-2009-1417
34783
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3517