FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-22 18:21:47 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f645aa90-a3e8-11e3-a422-3c970e169bc2	gnutls -- multiple certificate verification issues GnuTLS project reports: A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat. Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior). Discovery 2014-03-03 Entry 2014-03-04 Modified 2014-04-30 gnutls < 2.12.23_4 linux-f10-gnutls < 2.12.23_4 gnutls-devel < 3.1.22 gt 3.2.0 lt 3.2.12 gnutls3 < 3.1.22 gt 3.2.0 lt 3.2.12 CVE-2014-0092 CVE-2014-1959 http://www.gnutls.org/security.html#GNUTLS-SA-2014-1 http://www.gnutls.org/security.html#GNUTLS-SA-2014-2
2e7e9072-73a0-11e1-a883-001cc0a36e12	libtasn1 -- ASN.1 length decoding vulnerability Mu Dynamics, Inc. reports: Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures. Discovery 2012-03-20 Entry 2012-03-21 Modified 2012-03-24 libtasn1 < 2.12 gnutls < 2.12.18 gnutls-devel gt 2.99 lt 3.0.16 CVE-2012-1569
aecee357-739e-11e1-a883-001cc0a36e12	gnutls -- possible overflow/Denial of service vulnerabilities Mu Dynamics, Inc. reports: The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability. Discovery 2012-03-20 Entry 2012-03-21 Modified 2012-03-24 gnutls < 2.12.18 gnutls-devel gt 2.99 lt 3.0.15 CVE-2012-1573

VuXML ID

Description

f645aa90-a3e8-11e3-a422-3c970e169bc2

gnutls -- multiple certificate verification issues

GnuTLS project reports:

A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.

Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior).

Discovery 2014-03-03
Entry 2014-03-04
Modified 2014-04-30
gnutls

< 2.12.23_4

linux-f10-gnutls

< 2.12.23_4

gnutls-devel

< 3.1.22

gt 3.2.0 lt 3.2.12

gnutls3

< 3.1.22

gt 3.2.0 lt 3.2.12

CVE-2014-0092
CVE-2014-1959
http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2

2e7e9072-73a0-11e1-a883-001cc0a36e12

libtasn1 -- ASN.1 length decoding vulnerability

Mu Dynamics, Inc. reports:

Various functions using the ASN.1 length decoding logic in Libtasn1 were incorrectly assuming that the return value from asn1_get_length_der is always less than the length of the enclosing ASN.1 structure, which is only true for valid structures and not for intentionally corrupt or otherwise buggy structures.

Discovery 2012-03-20
Entry 2012-03-21
Modified 2012-03-24
libtasn1

< 2.12

gnutls

< 2.12.18

gnutls-devel

gt 2.99 lt 3.0.16

CVE-2012-1569

aecee357-739e-11e1-a883-001cc0a36e12

gnutls -- possible overflow/Denial of service vulnerabilities

Mu Dynamics, Inc. reports:

The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability.

Discovery 2012-03-20
Entry 2012-03-21
Modified 2012-03-24
gnutls

< 2.12.18

gnutls-devel

gt 2.99 lt 3.0.15

CVE-2012-1573