FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-06-05 16:03:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6af5e3a3-f85a-11ef-95b9-589cfc10a551	unit -- potential security issue SO-AND-SO reports: Unit 1.34.2 fixes two issues in the Java language module websocket code. It addresses a potential security issue where we could get a negative payload length that could cause the Java language module process(es) to enter an infinite loop and consume excess CPU. This was a bug carried over from the initial Java websocket code import. It has been re-issued a CVE number (CVE-2025-1695). It addresses an issue whereby decoded payload lengths would be limited to 32 bits. Discovery 2025-03-03 Entry 2025-03-03 unit unit-java >= 1.11.0 lt 1.34.2 CVE-2025-1695 https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html

VuXML ID

Description

6af5e3a3-f85a-11ef-95b9-589cfc10a551

unit -- potential security issue

SO-AND-SO reports:

Unit 1.34.2 fixes two issues in the Java language module websocket code.

It addresses a potential security issue where we could get a negative payload length that could cause the Java language module process(es) to enter an infinite loop and consume excess CPU. This was a bug carried over from the initial Java websocket code import. It has been re-issued a CVE number (CVE-2025-1695).

It addresses an issue whereby decoded payload lengths would be limited to 32 bits.

Discovery 2025-03-03
Entry 2025-03-03
unit
unit-java

>= 1.11.0 lt 1.34.2

CVE-2025-1695
https://mailman.nginx.org/pipermail/unit/2025-March/QVYLJKLBIDWOJ7OLYGT27VUWH7RGBRQM.html