svn commit: r376575 - head/security/vuxml
Xin LI
delphij at FreeBSD.org
Fri Jan 9 00:00:00 UTC 2015
Author: delphij
Date: Thu Jan 8 23:59:59 2015
New Revision: 376575
URL: https://svnweb.freebsd.org/changeset/ports/376575
QAT: https://qat.redports.org/buildarchive/r376575/
Log:
Document OpenSSL multiple vulnerabilities.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Thu Jan 8 22:53:32 2015 (r376574)
+++ head/security/vuxml/vuln.xml Thu Jan 8 23:59:59 2015 (r376575)
@@ -57,6 +57,54 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="4e536c14-9791-11e4-977d-d050992ecde8">
+ <topic>OpenSSL -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>openssl</name>
+ <range><ge>1.0.1</ge><lt>1.0.1_17</lt></range>
+ </package>
+ <package>
+ <name>mingw32-openssl</name>
+ <range><ge>1.0.1</ge><lt>1.0.1k</lt></range>
+ </package>
+ <package>
+ <name>linux-c6-openssl</name>
+ <range><gt>0</gt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>OpenSSL project reports:</p>
+ <blockquote cite="https://www.openssl.org/news/secadv_20150108.txt">
+ <p>DTLS segmentation fault in dtls1_get_record (CVE-2014-3571)</p>
+ <p>DTLS memory leak in dtls1_buffer_record (CVE-2015-0206)</p>
+ <p>no-ssl3 configuration sets method to NULL (CVE-2014-3569)</p>
+ <p>ECDHE silently downgrades to ECDH [Client] (CVE-2014-3572)</p>
+ <p>RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)</p>
+ <p>DH client certificates accepted without verification [Server] (CVE-2015-0205)</p>
+ <p>Certificate fingerprints can be modified (CVE-2014-8275)</p>
+ <p>Bignum squaring may produce incorrect results (CVE-2014-3570)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2014-3569</cvename>
+ <cvename>CVE-2014-3570</cvename>
+ <cvename>CVE-2014-3571</cvename>
+ <cvename>CVE-2014-3572</cvename>
+ <cvename>CVE-2014-8275</cvename>
+ <cvename>CVE-2015-0204</cvename>
+ <cvename>CVE-2015-0205</cvename>
+ <cvename>CVE-2015-0206</cvename>
+ <url>https://www.openssl.org/news/secadv_20150108.txt</url>
+ </references>
+ <dates>
+ <discovery>2015-01-08</discovery>
+ <entry>2015-01-08</entry>
+ </dates>
+ </vuln>
+
<vuln vid="5e135178-8aeb-11e4-801f-0022156e8794">
<topic>wordpress -- multiple vulnerabilities</topic>
<affects>
More information about the svn-ports-head
mailing list