git: 733184fa5651 - main - security/vuxml: Document wolfSSL multiple vulnerabilities.

From: Santhosh Raju <fox_at_FreeBSD.org>
Date: Mon, 08 Aug 2022 20:36:45 UTC
The branch main has been updated by fox:

URL: https://cgit.FreeBSD.org/ports/commit/?id=733184fa56512c9ce5ca1380217bae989d74f6fe

commit 733184fa56512c9ce5ca1380217bae989d74f6fe
Author:     Santhosh Raju <fox@FreeBSD.org>
AuthorDate: 2022-08-08 20:35:27 +0000
Commit:     Santhosh Raju <fox@FreeBSD.org>
CommitDate: 2022-08-08 20:35:27 +0000

    security/vuxml: Document wolfSSL multiple vulnerabilities.
---
 security/vuxml/vuln-2022.xml | 38 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml
index 44e62fc03166..ab4901131e2d 100644
--- a/security/vuxml/vuln-2022.xml
+++ b/security/vuxml/vuln-2022.xml
@@ -1,3 +1,41 @@
+  <vuln vid="9b9a5f6e-1755-11ed-adef-589cfc01894a">
+    <topic>wolfssl -- multiple issues</topic>
+    <affects>
+      <package>
+	<name>wolfssl</name>
+	<range><lt>5.4.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>wolfSSL blog  reports:</p>
+	<blockquote cite="https://www.wolfssl.com/wolfssl-5-4-0-release/">
+	  <p>In release 5.4.0 there were 3 vulnerabilities listed as
+	    fixed in wolfSSL. Two relatively new reports, one dealing with a DTLS
+	    1.0/1.2 denial of service attack and the other a ciphertext attack on
+	    ECC/DH operations. The last vulnerability listed was a public
+	    disclosure of a previous attack on AMD devices fixed since wolfSSL
+	    version 5.1.0. Coordination of the disclosure of the attack was done
+	    responsibly, in cooperation with the researchers, waiting for the
+	    public release of the attack details since it affects multiple
+	    security libraries.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2022-34293</cvename>
+      <cvename>CVE-2020-12966</cvename>
+      <cvename>CVE-2021-46744</cvename>
+      <url>https://github.com/wolfSSL/wolfssl/releases/tag/v5.4.0-stable</url>
+      <url>https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1013</url>
+      <url>https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1033</url>
+    </references>
+    <dates>
+      <discovery>2022-07-11</discovery>
+      <entry>2022-08-08</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="8bec3994-104d-11ed-a7ac-0800273f11ea">
     <topic>gitea -- multiple issues</topic>
     <affects>
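Review bot: The single `<range><lt>5.4.0</lt></range>` covers all three `<cvename>` entries, but the quoted release text says the AMD-related issue has been fixed since wolfSSL 5.1.0, so for installs from 5.1.0 up to (but not including) 5.4.0 only part of this entry applies and nothing in it says which CVE that is. The range itself looks right as the union of affected versions, so the correct packages should still be flagged; the gap is for whoever triages the finding and has to decide which of the three issues is actually present. I would add a short `<p>` after `</blockquote>` naming which of the listed CVEs was already fixed in 5.1.0 (to be confirmed against the upstream release notes), or split that issue into its own `<vuln>` with `<lt>5.1.0</lt>`. Minor: `wolfSSL blog  reports:` has a doubled space, and the blog URL used in `cite` is not repeated under `<references>`.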