FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-22 14:49:56 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description
07a1a76c-734b-11e5-ae81-14dae9d210b8    mbedTLS/PolarSSL -- DoS and possible remote code execution

ARM Limited reports:

When the client creates its ClientHello message, due to insufficient bounds checking it can overflow the heap-based buffer containing the message while writing some extensions. Two extensions in particular could be used by a remote attacker to trigger the overflow: the session ticket extension and the server name indication (SNI) extension.

Discovery: 2015-10-05
Entry: 2015-10-15
Affected versions:
>= 1.2.0, < 1.2.17
>= 1.3.0, < 1.3.14
< 2.1.2

953aaa57-6bce-11e5-9909-002590263bf5    mbedTLS/PolarSSL -- multiple vulnerabilities

ARM Limited reports:

In order to strengthen the minimum requirements for connections and to protect against the Logjam attack, the minimum size of Diffie-Hellman parameters accepted by the client has been increased to 1024 bits.

In addition, the default size for the Diffie-Hellman parameters on the server is increased to 2048 bits. This can be changed with ssl_set_dh_params() in case this is necessary.

Discovery: 2015-08-11
Entry: 2015-10-06
Affected versions:
>= 1.2.0, < 1.2.15
>= 1.3.0, < 1.3.12

5d280761-6bcf-11e5-9909-002590263bf5    mbedTLS/PolarSSL -- multiple vulnerabilities

ARM Limited reports:

Florian Weimer from Red Hat published on Lenstra's RSA-CRT attack for PKCS#1 v1.5 signatures. These releases include countermeasures against that attack.

Fabian Foerg of Gotham Digital Science found a possible client-side NULL pointer dereference, using the AFL Fuzzer. This dereference can only occur when misusing the API, although a fix has still been implemented.

Discovery: 2015-09-18
Entry: 2015-10-06
Affected versions:
>= 1.2.0, < 1.2.16
>= 1.3.0, < 1.3.13
< 2.1.1