FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  517534
Date:      2019-11-13
Time:      23:45:36Z
Committer: sunpoet

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
23f65f58-a261-11e9-b444-002590acae31GnuPG -- denial of service

From the GnuPG 2.2.17 changelog:

gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures.


Discovery 2019-07-03
Entry 2019-07-09
gnupg
lt 2.2.17

https://dev.gnupg.org/T4606
https://dev.gnupg.org/T4607
7da0417f-6b24-11e8-84cc-002590acae31gnupg -- unsanitized output (CVE-2018-12020)

GnuPG reports:

GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.


Discovery 2018-06-07
Entry 2018-06-08
gnupg
lt 2.2.8

gnupg1
lt 1.4.23

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
CVE-2018-12020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
CVE-2017-7526
1c840eb9-fb32-11e3-866e-b499baab0cbegnupg -- possible DoS using garbled compressed data packets

Werner Koch reports:

This release includes a *security fix* to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop.


Discovery 2014-06-23
Entry 2014-06-23
gnupg1
lt 1.4.17

gnupg
lt 2.0.24

http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html