ports/181474: GnuTLS packages old and vulnerable
Joe
joe at example.com
Fri Aug 23 01:30:00 UTC 2013
>Number: 181474
>Category: ports
>Synopsis: GnuTLS packages old and vulnerable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 23 01:30:00 UTC 2013
>Closed-Date:
>Last-Modified:
>Originator: Joe
>Release: 8.x, 9.x, amd64, i386
>Organization:
>Environment:
>Description:
The available GnuTLS packages are all old.
Ver 2.12.23 is also vulnerable.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116
Please update to current stable ver 3.2.3 or later
to fix, bring features up to date, and avoid being
trapped in legacy again.
Also suggest checking/updating corresponding nettle
and gmp at that time.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list