FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-28 14:09:37 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4a4712ae-7299-11ee-85eb-84a93843eb75OpenSSL -- potential loss of confidentiality

SO-AND-SO reports:

Moderate severity: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.


Discovery 2023-10-24
Entry 2023-10-24
openssl
< 3.0.12,1

openssl31
< 3.1.4

openssl-quictls
< 3.0.12

CVE-2023-5363
https://www.openssl.org/news/secadv/20231024.txt
10dee731-c069-11ee-9190-84a93843eb75OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

PKCS12 Decoding crashes (CVE-2024-0727)


Discovery 2024-01-30
Entry 2024-01-31
openssl
< 3.0.13,1

openssl-quictls
< 3.0.13

openssl31
< 3.1.5

openssl31-quictls
< 3.1.5

openssl32
< 3.2.1

CVE-2024-0727
CVE-2023-6237
https://www.openssl.org/news/secadv/20240125.txt
https://www.openssl.org/news/secadv/20240115.txt
https://www.openssl.org/news/openssl-3.0-notes.html
https://www.openssl.org/news/openssl-3.1-notes.html
https://www.openssl.org/news/openssl-3.2-notes.html
a5956603-7e4f-11ee-9df6-84a93843eb75OpenSSL -- DoS in DH generation

The OpenSSL project reports:

Excessive time spent in DH check / generation with large Q parameter value (low). Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.


Discovery 2023-11-08
Entry 2023-11-08
openssl
< 3.0.12_1,1

openssl111
< 1.1.1w_1

openssl31
< 3.1.4_1

openssl-quictls
< 3.0.12_1

openssl31-quictls
< 3.1.4_1

CVE-2023-5678
https://www.openssl.org/news/secadv/20231106.txt
8337251b-b07b-11ee-b0d7-84a93843eb75OpenSSL -- Vector register corruption on PowerPC

SO-AND-SO reports:

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.


Discovery 2024-01-09
Entry 2024-01-11
openssl
< 3.0.12_2,1

openssl-quictls
< 3.0.12_2

openssl31
< 3.1.4_2

openssl31-quictls
< 3.1.4_2

openssl32
< 3.2.0_1

CVE-2023-6129
https://www.openssl.org/news/secadv/20240109.txt