FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-11-25 08:52:18 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
fe93803c-883f-11e8-9f0c-001b216d295b	Several Security Defects in the Bouncy Castle Crypto APIs The Legion of the Bouncy Castle reports: Release 1.60 is now available for download. CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API. CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information. Discovery 2018-06-30 Entry 2018-07-15 bouncycastle < 1.60 bouncycastle15 < 1.60 puppetserver >= 0 puppetserver5 < 5.3.8 puppetserver6 < 6.2.1 CVE-2018-1000180 CVE-2018-1000613 https://www.bouncycastle.org/latest_releases.html
89d5bca6-0150-11ec-bf0c-080027eedc6a	The Bouncy Castle Crypto APIs -- EC math vulnerability The Bouncy Castle team reports:: Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures. Discovery 2020-07-04 Entry 2021-08-20 bouncycastle15 < 1.66 bouncycastle < 1.66 CVE-2020-15522 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522

VuXML ID

Description

fe93803c-883f-11e8-9f0c-001b216d295b

Several Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports:

Release 1.60 is now available for download.

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.

CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.

Discovery 2018-06-30
Entry 2018-07-15
bouncycastle

< 1.60

bouncycastle15

< 1.60

puppetserver

>= 0

puppetserver5

< 5.3.8

puppetserver6

< 6.2.1

CVE-2018-1000180
CVE-2018-1000613
https://www.bouncycastle.org/latest_releases.html

89d5bca6-0150-11ec-bf0c-080027eedc6a

The Bouncy Castle Crypto APIs -- EC math vulnerability

The Bouncy Castle team reports::

Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.

Discovery 2020-07-04
Entry 2021-08-20
bouncycastle15

< 1.66

bouncycastle

< 1.66

CVE-2020-15522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522