git: c490d55ae936 - main - security/vuxml: Document OpenSSL vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 24 Oct 2023 18:24:22 UTC
The branch main has been updated by brnrd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=c490d55ae936d02830ff8d186472a2a2e47988fe
commit c490d55ae936d02830ff8d186472a2a2e47988fe
Author: Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2023-10-24 18:24:18 +0000
Commit: Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2023-10-24 18:24:18 +0000
security/vuxml: Document OpenSSL vulnerability
---
security/vuxml/vuln/2023.xml | 37 +++++++++++++++++++++++++++++++++++++
1 file changed, 37 insertions(+)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 7e90f35c98f3..67a8f8319be8 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,40 @@
+ <vuln vid="4a4712ae-7299-11ee-85eb-84a93843eb75">
+ <topic>OpenSSL -- potential loss of confidentiality</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><lt>3.0.12,1</lt></range>
+ </package>
+ <package>
+ <name>openssl31</name>
+ <range><lt>3.1.4</lt></range>
+ </package>
+ <package>
+ <name>openssl-quictls</name>
+ <range><lt>3.0.12</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>SO-AND-SO reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv/20231024.txt">
+ <p>Moderate severity: A bug has been identified in the processing
+ of key and initialisation vector (IV) lengths. This can lead to
+ potential truncation or overruns during the initialisation of
+ some symmetric ciphers.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2023-5363</cvename>
+ <url>https://www.openssl.org/news/secadv/20231024.txt</url>
+ </references>
+ <dates>
+ <discovery>2023-10-24</discovery>
+ <entry>2023-10-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="22df5074-71cd-11ee-85eb-84a93843eb75">
<topic>MySQL -- Multiple vulnerabilities</topic>
<affects>