FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  318751
Date:      2013-05-22
Time:      09:14:17Z
Committer: rene

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
aa5bc971-d635-11e0-b3cf-080027ef73ec	nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl Heather Adkins, Google's Information Security Manager, reported that Google received [...] reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). [...] VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident: On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. [...] an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. [...] Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they: revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort. Three central issues informed our decision: Failure to notify. [...] The scope of the breach remains unknown. [...] The attack is not theoretical. Discovery 2011-07-19 Entry 2011-09-03 Modified 2011-09-06 nss lt 3.12.11 ca_root_nss lt 3.12.11 firefox gt 3.6.,1 lt 3.6.22,1 gt 4.0.,1 lt 6.0.2,1 seamonkey lt 2.3.2 linux-firefox lt 3.6.22,1 thunderbird gt 3.1.* lt 3.1.14 gt 5.0.* lt 6.0.2 linux-thunderbird lt 3.1.14 linux-seamonkey lt 2.3.2 http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx http://www.mozilla.org/security/announce/2011/mfsa2011-34.html http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
aa5bc971-d635-11e0-b3cf-080027ef73ec	nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl Heather Adkins, Google's Information Security Manager, reported that Google received [...] reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). [...] VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident: On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. [...] an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. [...] Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they: revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort. Three central issues informed our decision: Failure to notify. [...] The scope of the breach remains unknown. [...] The attack is not theoretical. Discovery 2011-07-19 Entry 2011-09-03 Modified 2011-09-06 nss lt 3.12.11 ca_root_nss lt 3.12.11 firefox gt 3.6.,1 lt 3.6.22,1 gt 4.0.,1 lt 6.0.2,1 seamonkey lt 2.3.2 linux-firefox lt 3.6.22,1 thunderbird gt 3.1.* lt 3.1.14 gt 5.0.* lt 6.0.2 linux-thunderbird lt 3.1.14 linux-seamonkey lt 2.3.2 http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx http://www.mozilla.org/security/announce/2011/mfsa2011-34.html http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

VuXML ID

Description

aa5bc971-d635-11e0-b3cf-080027ef73ec

nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl

Heather Adkins, Google's Information Security Manager, reported that Google received

[...] reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). [...]

VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident:

On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. [...] an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. [...]

Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they:

revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort.
Three central issues informed our decision:

Failure to notify. [...]

The scope of the breach remains unknown. [...]

The attack is not theoretical.

Discovery 2011-07-19
Entry 2011-09-03
Modified 2011-09-06
nss

lt 3.12.11

ca_root_nss

lt 3.12.11

firefox

gt 3.6.*,1 lt 3.6.22,1

gt 4.0.*,1 lt 6.0.2,1

seamonkey

lt 2.3.2

linux-firefox

lt 3.6.22,1

thunderbird

gt 3.1.* lt 3.1.14

gt 5.0.* lt 6.0.2

linux-thunderbird

lt 3.1.14

linux-seamonkey

lt 2.3.2

http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html

aa5bc971-d635-11e0-b3cf-080027ef73ec

nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl

Heather Adkins, Google's Information Security Manager, reported that Google received

[...] reports of attempted SSL man-in-the-middle (MITM) attacks against Google users, whereby someone tried to get between them and encrypted Google services. The people affected were primarily located in Iran. The attacker used a fraudulent SSL certificate issued by DigiNotar, a root certificate authority that should not issue certificates for Google (and has since revoked it). [...]

VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident:

On July 19th 2011, DigiNotar detected an intrusion into its Certificate Authority (CA) infrastructure, which resulted in the fraudulent issuance of public key certificate requests for a number of domains, including Google.com. [...] an external security audit concluded that all fraudulently issued certificates were revoked. Recently, it was discovered that at least one fraudulent certificate had not been revoked at the time. [...]

Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they:

revoked our trust in the DigiNotar certificate authority from all Mozilla software. This is not a temporary suspension, it is a complete removal from our trusted root program. Complete revocation of trust is a decision we treat with careful consideration, and employ as a last resort.
Three central issues informed our decision:

Failure to notify. [...]

The scope of the breach remains unknown. [...]

The attack is not theoretical.

Discovery 2011-07-19
Entry 2011-09-03
Modified 2011-09-06
nss

lt 3.12.11

ca_root_nss

lt 3.12.11

firefox

gt 3.6.*,1 lt 3.6.22,1

gt 4.0.*,1 lt 6.0.2,1

seamonkey

lt 2.3.2

linux-firefox

lt 3.6.22,1

thunderbird

gt 3.1.* lt 3.1.14

gt 5.0.* lt 6.0.2

linux-thunderbird

lt 3.1.14

linux-seamonkey

lt 2.3.2