FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2ecb7b20-d97e-11e0-b2e2-00215c6a37bb	OpenSSL -- multiple vulnerabilities OpenSSL Team reports: Two security flaws have been fixed in OpenSSL 1.0.0e Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. (CVE-2011-3207) OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order. (CVE-2011-3210) Discovery 2011-09-06 Entry 2011-09-07 Modified 2014-04-10 openssl >= 1.0.0 lt 1.0.0_6 >= 0.9.8 lt 1.0.0 linux-f10-openssl >= 0.9.8 lt 0.9.8r CVE-2011-3207 CVE-2011-3210 http://www.openssl.org/news/secadv_20110906.txt
82b55df8-4d5a-11de-8811-0030843d3802	openssl -- denial of service in DTLS implementation Secunia reports: Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS. The library does not limit the number of buffered DTLS records with a future epoch. This can be exploited to exhaust all available memory via specially crafted DTLS packets. An error when processing DTLS messages can be exploited to exhaust all available memory by sending a large number of out of sequence handshake messages. Discovery 2009-05-18 Entry 2009-05-30 Modified 2014-04-10 openssl >= 0.9.8 lt 0.9.8k_1 linux-f10-openssl >= 0.9.8f lt 0.9.8m CVE-2009-1378 CVE-2009-1377 http://secunia.com/advisories/35128/

VuXML ID

Description

2ecb7b20-d97e-11e0-b2e2-00215c6a37bb

OpenSSL -- multiple vulnerabilities

OpenSSL Team reports:

Two security flaws have been fixed in OpenSSL 1.0.0e

Under certain circumstances OpenSSL's internal certificate verification routines can incorrectly accept a CRL whose nextUpdate field is in the past. (CVE-2011-3207)

OpenSSL server code for ephemeral ECDH ciphersuites is not thread-safe, and furthermore can crash if a client violates the protocol by sending handshake messages in incorrect order. (CVE-2011-3210)

Discovery 2011-09-06
Entry 2011-09-07
Modified 2014-04-10
openssl

>= 1.0.0 lt 1.0.0_6

>= 0.9.8 lt 1.0.0

linux-f10-openssl

>= 0.9.8 lt 0.9.8r

CVE-2011-3207
CVE-2011-3210
http://www.openssl.org/news/secadv_20110906.txt

82b55df8-4d5a-11de-8811-0030843d3802

openssl -- denial of service in DTLS implementation

Secunia reports:

Some vulnerabilities have been reported in OpenSSL, which can be exploited by malicious people to cause a DoS.

The library does not limit the number of buffered DTLS records with a future epoch. This can be exploited to exhaust all available memory via specially crafted DTLS packets.

An error when processing DTLS messages can be exploited to exhaust all available memory by sending a large number of out of sequence handshake messages.

Discovery 2009-05-18
Entry 2009-05-30
Modified 2014-04-10
openssl

>= 0.9.8 lt 0.9.8k_1

linux-f10-openssl

>= 0.9.8f lt 0.9.8m

CVE-2009-1378
CVE-2009-1377
http://secunia.com/advisories/35128/