svn commit: r315790 - head/security/vuxml
Dag-Erling Smørgrav
des at FreeBSD.org
Fri Apr 12 16:14:23 UTC 2013
Author: des
Date: Fri Apr 12 16:14:22 2013
New Revision: 315790
URL: http://svnweb.freebsd.org/changeset/ports/315790
Log:
Edit OpenVPN 2.3.1 entry:
- Replace links to changelog and commit with a link to the official
announcement (which also links to the commit)
- Replace the description with a sentence lifted from the
announcement.
Approved by: portmgr (tabthorpe)
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Fri Apr 12 06:40:01 2013 (r315789)
+++ head/security/vuxml/vuln.xml Fri Apr 12 16:14:22 2013 (r315790)
@@ -497,14 +497,14 @@ Note: Please add new entries to the beg
<body xmlns="http://www.w3.org/1999/xhtml">
<p>The OpenVPN project reports:</p>
<blockquote cite="https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.1">
- <p>[OpenVPN 2.3.1 adds a fix to prevent potential side-channel
- attacks by switching to a] constant time memcmp when comparing HMACs in [the] openvpn_decrypt [function].</p>
+ <p>OpenVPN 2.3.0 and earlier running in UDP mode are subject
+ to chosen ciphertext injection due to a non-constant-time
+ HMAC comparison function.</p>
</blockquote>
</body>
</description>
<references>
- <url>https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23#OpenVPN2.3.1</url>
- <url>http://openvpn.git.sourceforge.net/git/gitweb.cgi?p=openvpn/openvpn-testing.git;a=commit;h=11d21349a4e7e38a025849479b36ace7c2eec2ee</url>
+ <url>https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc</url>
</references>
<dates>
<discovery>2013-03-19</discovery>
More information about the svn-ports-all
mailing list