FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  518000
Date:      2019-11-20
Time:      10:57:40Z
Committer: zeising

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e1c71d8d-64d9-11e6-b38a-25a46b33f2edgnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

Werner Koch reports:

There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.


Discovery 2016-08-17
Entry 2016-08-18
Modified 2016-11-30
gnupg1
lt 1.4.21

libgcrypt
lt 1.7.3

linux-c6-libgcrypt
lt 1.4.5_4

linux-c7-libgcrypt
lt 1.5.3_1

https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
CVE-2016-6313
22f28bb3-8d98-11e7-8c37-e8e0b747a45alibgcrypt -- side-channel attack vulnerability

GnuPG reports:

Mitigate a local side-channel attack on Curve25519 dubbed "May the Fourth Be With You".


Discovery 2017-08-27
Entry 2017-08-30
libgcrypt
lt 1.8.1

CVE-2017-0379
https://eprint.iacr.org/2017/806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0379
95b92e3b-d451-11e5-9794-e8e0b747a45alibgcrypt -- side-channel attack on ECDH

GnuPG reports:

Mitigate side-channel attack on ECDH with Weierstrass curves.


Discovery 2016-02-09
Entry 2016-02-16
libgcrypt
lt 1.6.5

CVE-2015-7511
https://lists.gnupg.org/pipermail/gnupg-announce/2016q1/000384.html
689c2bf7-0701-11e3-9a25-002590860428GnuPG and Libgcrypt -- side-channel attack vulnerability

Werner Koch of the GNU project reports:

Noteworthy changes in version 1.5.3:

Mitigate the Yarom/Falkner flush+reload side-channel attack on RSA secret keys...

Note that Libgcrypt is used by GnuPG 2.x and thus this release fixes the above problem. The fix for GnuPG less than 2.0 can be found in the just released GnuPG 1.4.14.


Discovery 2013-07-18
Entry 2013-08-17
libgcrypt
lt 1.5.3

linux-f10-libgcrypt
lt 1.5.3

CVE-2013-4242
http://eprint.iacr.org/2013/448
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000329.html
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
ed3bf433-5d92-11e7-aa14-e8e0b747a45alibgcrypt -- side-channel attack on RSA secret keys

GnuPG reports:

Mitigate a flush+reload side-channel attack on RSA secret keys dubbed "Sliding right into disaster".


Discovery 2017-06-29
Entry 2017-06-30
libgcrypt
lt 1.7.8

CVE-2017-7526
https://lists.gnupg.org/pipermail/gnupg-announce/2017q2/000408.html
9b5162de-6f39-11e8-818e-e8e0b747a45alibgcrypt -- side-channel attack vulnerability

GnuPG reports:

Mitigate a local side-channel attack on ECDSA signature as described in the white paper "Return on the Hidden Number Problem".


Discovery 2018-06-13
Entry 2018-06-13
Modified 2018-06-14
libgcrypt
lt 1.8.3

CVE-2018-0495
https://www.nccgroup.trust/us/our-research/technical-advisory-return-of-the-hidden-number-problem/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0495
https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.7.4-relnotes.txt
c9c6c2f8-cd54-11e9-af89-080027ef1a23libgcrypt -- ECDSA timing attack

GnuPG reports:

Mitigate an ECDSA timing attack.


Discovery 2019-08-29
Entry 2019-09-02
libgcrypt
lt 1.8.5

CVE-2019-13627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13627