FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-04-17 12:25:19 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c7a52cee-32ab-11f1-9839-8447094a420f	OpenSSL -- Multiple vulnerabilities The OpenSSL project reports: Seven vulnerabilities in OpenSSL library. Highest classification Moderate. Discovery 2026-04-07 Entry 2026-04-07 openssl < 3.0.20,1 openssl34 < 3.4.5 openssl35 < 3.5.6 openssl36 < 3.6.2 openssl111 < 1.1.1zg CVE-2026-31790 CVE-2026-2637 CVE-2026-28386 CVE-2026-28387 CVE-2026-28388 CVE-2026-28389 CVE-2026-28390 CVE-2026-31789 https://openssl-library.org/news/secadv/20260407.txt
4b824428-fb93-11f0-b194-8447094a420f	OpenSSL -- Multiple vulnerabilities The OpenSSL project reports: Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187) Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467) NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468) "openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469) TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199) Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160) Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418) Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419) Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420) NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421) Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795) ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796) Discovery 2026-01-27 Entry 2026-01-27 Modified 2026-01-28 FreeBSD >= 15.0 lt 15.0_2 >= 14.3 lt 14.3_8 >= 13.5 lt 13.5_9 openssl < 3.0.19,1 openssl33 < 3.3.6 openssl34 < 3.4.4 openssl35 < 3.5.5 openssl36 < 3.6.1 openssl < 3.0.19 CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 CVE-2026-22796 https://openssl-library.org/news/secadv/20260127.txt SA-26:01.openssl

VuXML ID

Description

c7a52cee-32ab-11f1-9839-8447094a420f

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Seven vulnerabilities in OpenSSL library. Highest classification Moderate.

Discovery 2026-04-07
Entry 2026-04-07
openssl

< 3.0.20,1

openssl34

< 3.4.5

openssl35

< 3.5.6

openssl36

< 3.6.2

openssl111

< 1.1.1zg

CVE-2026-31790
CVE-2026-2637
CVE-2026-28386
CVE-2026-28387
CVE-2026-28388
CVE-2026-28389
CVE-2026-28390
CVE-2026-31789
https://openssl-library.org/news/secadv/20260407.txt

4b824428-fb93-11f0-b194-8447094a420f

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Improper validation of PBMAC1 parameters in PKCS#12 MAC verification (CVE-2025-11187)

Stack buffer overflow in CMS AuthEnvelopedData parsing (CVE-2025-15467)

NULL dereference in SSL_CIPHER_find() function on unknown cipher ID (CVE-2025-15468)

"openssl dgst" one-shot codepath silently truncates inputs >16MB (CVE-2025-15469)

TLS 1.3 CompressedCertificate excessive memory allocation (CVE-2025-66199)

Heap out-of-bounds write in BIO_f_linebuffer on short writes (CVE-2025-68160)

Unauthenticated/unencrypted trailing bytes with low-level OCB function calls (CVE-2025-69418)

Out of bounds write in PKCS12_get_friendlyname() UTF-8 conversion (CVE-2025-69419)

Missing ASN1_TYPE validation in TS_RESP_verify_response() function (CVE-2025-69420)

NULL Pointer Dereference in PKCS12_item_decrypt_d2i_ex function (CVE-2025-69421)

Missing ASN1_TYPE validation in PKCS#12 parsing (CVE-2026-22795)

ASN1_TYPE Type Confusion in the PKCS7_digest_from_attributes() function (CVE-2026-22796)

Discovery 2026-01-27
Entry 2026-01-27
Modified 2026-01-28
FreeBSD

>= 15.0 lt 15.0_2

>= 14.3 lt 14.3_8

>= 13.5 lt 13.5_9

openssl

< 3.0.19,1

openssl33

< 3.3.6

openssl34

< 3.4.4

openssl35

< 3.5.5

openssl36

< 3.6.1

openssl

< 3.0.19

CVE-2025-11187
CVE-2025-15467
CVE-2025-15468
CVE-2025-15469
CVE-2025-66199
CVE-2025-68160
CVE-2025-69418
CVE-2025-69419
CVE-2025-69420
CVE-2025-69421
CVE-2026-22795
CVE-2026-22796
https://openssl-library.org/news/secadv/20260127.txt
SA-26:01.openssl