FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517704
Date:      2019-11-15
Time:      22:46:16Z
Committer: naddy

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
23f65f58-a261-11e9-b444-002590acae31GnuPG -- denial of service

From the GnuPG 2.2.17 changelog:

gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures.


Discovery 2019-07-03
Entry 2019-07-09
gnupg
lt 2.2.17

https://dev.gnupg.org/T4606
https://dev.gnupg.org/T4607
1c840eb9-fb32-11e3-866e-b499baab0cbegnupg -- possible DoS using garbled compressed data packets

Werner Koch reports:

This release includes a *security fix* to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop.


Discovery 2014-06-23
Entry 2014-06-23
gnupg1
lt 1.4.17

gnupg
lt 2.0.24

http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html
7da0417f-6b24-11e8-84cc-002590acae31gnupg -- unsanitized output (CVE-2018-12020)

GnuPG reports:

GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.


Discovery 2018-06-07
Entry 2018-06-08
gnupg
lt 2.2.8

gnupg1
lt 1.4.23

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
CVE-2018-12020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
CVE-2017-7526
749b5587-2da1-11e3-b1a9-b499baab0cbegnupg -- possible infinite recursion in the compressed packet parser

Werner Koch reports:

Special crafted input data may be used to cause a denial of service against GPG (GnuPG's OpenPGP part) and some other OpenPGP implementations. All systems using GPG to process incoming data are affected..


Discovery 2013-10-05
Entry 2013-10-05
gnupg
lt 1.4.15

ge 2.0.0 lt 2.0.22

CVE-2013-4402