[Bug 201439] security/openssl: update for CVE-2015-1793
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Thu Jul 9 13:42:56 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201439
Bug ID: 201439
Summary: security/openssl: update for CVE-2015-1793
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: dinoex at FreeBSD.org
Reporter: walter at lifeforms.nl
Flags: maintainer-feedback?(dinoex at FreeBSD.org)
Assignee: dinoex at FreeBSD.org
OpenSSL 1.0.2d has landed with a fix for CVE-2015-1793:
https://openssl.org/news/secadv_20150709.txt
Ports version of OpenSSL (1.0.2c) is vulnerable.
The vulnerability allows an attacker to create fraudulent certificates which
the OpenSSL certification validation code then accepts. This is mostly
problematic for TLS clients (and some TLS servers).
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list