FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  454471
Date:      2017-11-19
Time:      02:38:29Z
Committer: wen

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
f2217cdf-01e4-11e6-b1ce-002590263bf5go -- remote denial of service

Jason Buberel reports:

Go has an infinite loop in several big integer routines that makes Go programs vulnerable to remote denial of service attacks. Programs using HTTPS client authentication or the Go ssh server libraries are both exposed to this vulnerability.


Discovery 2016-04-05
Entry 2016-04-14
go
lt 1.6.1,1

CVE-2016-3959
http://www.openwall.com/lists/oss-security/2016/04/05/2
https://golang.org/cl/21533
4464212e-4acd-11e5-934b-002590263bf5go -- multiple vulnerabilities

Jason Buberel, Go Product Manager, reports:

CVE-2015-5739 - "Content Length" treated as valid header

CVE-2015-5740 - Double content-length headers does not return 400 error

CVE-2015-5741 - Additional hardening, not sending Content-Length w/Transfer-Encoding, Closing connections


Discovery 2015-07-29
Entry 2015-08-25
go
lt 1.4.3,1

go14
lt 1.4.3

CVE-2015-5739
CVE-2015-5740
CVE-2015-5741
https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
http://seclists.org/oss-sec/2015/q3/237