svn commit: r389254 - head/security/vuxml
Ryan Steinmetz
zi at FreeBSD.org
Thu Jun 11 21:35:50 UTC 2015
Author: zi
Date: Thu Jun 11 21:35:48 2015
New Revision: 389254
URL: https://svnweb.freebsd.org/changeset/ports/389254
Log:
- Document recent vulnerabilities in security/openssl
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jun 11 21:23:25 2015 (r389253)
+++ head/security/vuxml/vuln.xml Thu Jun 11 21:35:48 2015 (r389254)
@@ -57,6 +57,48 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="8305e215-1080-11e5-8ba2-000c2980a9f3">
+ <topic>openssl -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>1.0.2_2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenSSL team reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv_20150611.txt">
+ <ul>
+ <li>Missing DHE man-in-the-middle protection (Logjam)
+ (CVE-2015-4000)</li>
+ <li>Malformed ECParameters causes infinite loop (CVE-2015-1788)</li>
+ <li>Exploitable out-of-bounds read in X509_cmp_time
+ (CVE-2015-1789)</li>
+ <li>iPKCS7 crash with missing EnvelopedContent (CVE-2015-1790)</li>
+ <li>CMS verify infinite loop with unknown hash function
+ (CVE-2015-1792)</li>
+ <li>Race condition handling NewSessionTicket (CVE-2015-1791)</li>
+ <li>Invalid free in DTLS (CVE-2014-8176)</li>
+ </ul>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-8176</cvename>
+ <cvename>CVE-2015-1788</cvename>
+ <cvename>CVE-2015-1789</cvename>
+ <cvename>CVE-2015-1790</cvename>
+ <cvename>CVE-2015-1791</cvename>
+ <cvename>CVE-2015-1792</cvename>
+ <url>https://www.openssl.org/news/secadv_20150611.txt</url>
+ </references>
+ <dates>
+ <discovery>2015-06-11</discovery>
+ <entry>2015-06-11</entry>
+ </dates>
+ </vuln>
+
<vuln vid="1e63db88-1050-11e5-a4df-c485083ca99c">
<topic>Adobe Flash Player -- critical vulnerabilities</topic>
<affects>
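Review bot: CVE-2015-4000 (Logjam) appears in the first <li> of the description but has no matching entry in <references>, which lists only the other six CVEs; add <cvename>CVE-2015-4000</cvename> there so the entry can be found by that identifier. In the same list, "iPKCS7 crash with missing EnvelopedContent" appears to carry a stray leading "i" and should probably read "PKCS7 crash with missing EnvelopedContent".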