FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  365592
Date:      2014-08-21
Time:      19:46:21Z
Committer: zi

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
856a6f84-8b30-11de-8062-00e0815b8da8GnuTLS -- improper SSL certificate verification

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.


Discovery 2009-08-11
Entry 2009-08-17
gnutls
lt 2.8.3

gnutls-devel
lt 2.9.0

CVE-2009-2730
http://article.gmane.org/gmane.network.gnutls.general/1733
http://secunia.com/advisories/36266
856a6f84-8b30-11de-8062-00e0815b8da8GnuTLS -- improper SSL certificate verification

GnuTLS reports:

By using a NUL byte in CN/SAN fields, it was possible to fool GnuTLS into 1) not printing the entire CN/SAN field value when printing a certificate and 2) cause incorrect positive matches when matching a hostname against a certificate.


Discovery 2009-08-11
Entry 2009-08-17
gnutls
lt 2.8.3

gnutls-devel
lt 2.9.0

CVE-2009-2730
http://article.gmane.org/gmane.network.gnutls.general/1733
http://secunia.com/advisories/36266
f645aa90-a3e8-11e3-a422-3c970e169bc2gnutls -- multiple certificate verification issues

GnuTLS project reports:

A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.

Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior).


Discovery 2014-03-03
Entry 2014-03-04
Modified 2014-04-30
gnutls
lt 2.12.23_4

linux-f10-gnutls
lt 2.12.23_4

gnutls-devel
lt 3.1.22

gt 3.2.0 lt 3.2.12

gnutls3
lt 3.1.22

gt 3.2.0 lt 3.2.12

CVE-2014-0092
CVE-2014-1959
http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2