FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-23 17:01:17 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
7da0417f-6b24-11e8-84cc-002590acae31gnupg -- unsanitized output (CVE-2018-12020)

GnuPG reports:

GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.


Discovery 2018-06-07
Entry 2018-06-08
gnupg
< 2.2.8

gnupg1
< 1.4.23

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
CVE-2018-12020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
CVE-2017-7526
e1c71d8d-64d9-11e6-b38a-25a46b33f2edgnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

Werner Koch reports:

There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.


Discovery 2016-08-17
Entry 2016-08-18
Modified 2016-11-30
gnupg1
< 1.4.21

libgcrypt
< 1.7.3

linux-c6-libgcrypt
< 1.4.5_4

linux-c7-libgcrypt
< 1.5.3_1

https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
CVE-2016-6313