svn commit: r377053 - head/security/vuxml
Raphael Kubo da Costa
rakuco at FreeBSD.org
Wed Jan 14 21:54:31 UTC 2015
Author: rakuco
Date: Wed Jan 14 21:54:30 2015
New Revision: 377053
URL: https://svnweb.freebsd.org/changeset/ports/377053
QAT: https://qat.redports.org/buildarchive/r377053/
Log:
Add entry for CVE-2013-7252 in x11/kde4-runtime.
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Jan 14 21:52:01 2015 (r377052)
+++ head/security/vuxml/vuln.xml Wed Jan 14 21:54:30 2015 (r377053)
@@ -57,6 +57,39 @@ Notes:
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="7a8a74d1-9c34-11e4-a40b-5453ed2e2b49">
+ <topic>kde-runtime -- incorrect CBC encryption handling</topic>
+ <affects>
+ <package>
+ <name>kde-runtime</name>
+ <range><lt>4.12_3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Valentin Rusu reports:</p>
+ <blockquote cite="https://www.kde.org/info/security/advisory-20150109-1.txt">
+ <p>Until KDE Applications 14.12.0, kwalletd incorrectly handled CBC
+ encryption blocks when encrypting secrets in kwl files. The secrets
+ were still encrypted, but the result binary data corresponded to an
+ ECB encrypted block instead of CBC.</p>
+ <p>The ECB encryption algorithm, even if it'll scramble user data,
+ will produce same encrypted byte sequence for the same input text.
+ As a result, attackers may eventually find-out the encrypted
+ text.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-7252</cvename>
+ <url>https://www.kde.org/info/security/advisory-20150109-1.txt</url>
+ </references>
+ <dates>
+ <discovery>2015-01-09</discovery>
+ <entry>2015-01-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="bd62c640-9bb9-11e4-a5ad-000c297fb80f">
<topic>mozilla -- multiple vulnerabilities</topic>
<affects>
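Review bot: the `<range><lt>4.12_3</lt></range>` bound in the new entry's `<affects>` block should be checked against the package version that actually carries the fix. The quoted advisory speaks of KDE Applications 14.12.0, the entry gives a two-component 4.12 with a port revision suffix, and neither the entry nor the log message says which kde-runtime revision received the patch. Because this value alone decides which installed packages get flagged, suggest confirming it against the port's current version string and naming the fixing revision in the commit log. Also worth a second look: the log refers to x11/kde4-runtime while `<name>` is kde-runtime, so confirm that `<name>` matches the installed package name rather than the port directory.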