FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-29 11:53:11 UTC

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 4b824428-fb93-11f0-b194-8447094a420f
Description: OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

  • Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)
  • Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)
  • NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)
  • "openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)
  • TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)
  • Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)
  • Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)
  • Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)
  • Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)
  • NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)
  • Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)
  • ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

Discovery 2026-01-27
Entry 2026-01-27
Modified 2026-01-28
Affected packages:

  • FreeBSD >= 15.0, < 15.0_2
  • FreeBSD >= 14.3, < 14.3_8
  • FreeBSD >= 13.5, < 13.5_9
  • openssl < 3.0.19,1
  • openssl33 < 3.3.6
  • openssl34 < 3.4.4
  • openssl35 < 3.5.5
  • openssl36 < 3.6.1
  • openssl < 3.0.19

CVE-2025-11187
CVE-2025-15467
CVE-2025-15468
CVE-2025-15469
CVE-2025-66199
CVE-2025-68160
CVE-2025-69418
CVE-2025-69419
CVE-2025-69420
CVE-2025-69421
CVE-2026-22795
CVE-2026-22796
https://openssl-library.org/news/secadv/20260127.txt
SA-26:01.openssl

VuXML ID: ee1e6a24-1eeb-11f1-81da-8447094a420f
Description: OpenSSL -- key agreement vulnerability

The OpenSSL project reports:

TLS 1.3 server may choose unexpected key agreement group (Low)

An OpenSSL TLS 1.3 server may fail to negotiate the expected preferred key exchange group when its key exchange group configuration includes the default by using the "DEFAULT" keyword.


Discovery 2026-03-13
Entry 2026-03-13
Affected packages:

  • openssl35 < 3.5.5_1
  • openssl36 < 3.6.1_1

CVE-2026-2673
https://openssl-library.org/news/secadv/20260313.txt