FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  527403
Date:      2020-02-29
Time:      09:59:14Z
Committer: mfechner

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7da0417f-6b24-11e8-84cc-002590acae31gnupg -- unsanitized output (CVE-2018-12020)

GnuPG reports:

GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.


Discovery 2018-06-07
Entry 2018-06-08
gnupg
lt 2.2.8

gnupg1
lt 1.4.23

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
CVE-2018-12020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
CVE-2017-7526
23f65f58-a261-11e9-b444-002590acae31GnuPG -- denial of service

From the GnuPG 2.2.17 changelog:

gpg: Ignore all key-signatures received from keyservers. This change is required to mitigate a DoS due to keys flooded with faked key-signatures.


Discovery 2019-07-03
Entry 2019-07-09
gnupg
lt 2.2.17

https://dev.gnupg.org/T4606
https://dev.gnupg.org/T4607