FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  556424
Date:      2020-11-27
Time:      00:34:50Z
Committer: brd

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
749b5587-2da1-11e3-b1a9-b499baab0cbegnupg -- possible infinite recursion in the compressed packet parser

Werner Koch reports:

Special crafted input data may be used to cause a denial of service against GPG (GnuPG's OpenPGP part) and some other OpenPGP implementations. All systems using GPG to process incoming data are affected..

Discovery 2013-10-05
Entry 2013-10-05
lt 1.4.15

ge 2.0.0 lt 2.0.22

7da0417f-6b24-11e8-84cc-002590acae31gnupg -- unsanitized output (CVE-2018-12020)

GnuPG reports:

GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.

Discovery 2018-06-07
Entry 2018-06-08
lt 2.2.8

lt 1.4.23
1c840eb9-fb32-11e3-866e-b499baab0cbegnupg -- possible DoS using garbled compressed data packets

Werner Koch reports:

This release includes a *security fix* to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop.

Discovery 2014-06-23
Entry 2014-06-23
lt 1.4.17

lt 2.0.24
23f65f58-a261-11e9-b444-002590acae31GnuPG -- denial of service

From the GnuPG 2.2.17 changelog:

gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures.

Discovery 2019-07-03
Entry 2019-07-09
lt 2.2.17