FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
027af74d-eb56-11e3-9032-000c2980a9f3	gnutls -- client-side memory corruption GnuTLS project reports: This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client. Discovery 2014-05-14 Entry 2014-06-03 gnutls3 ge 3.1 lt 3.1.25 CVE-2014-3466 http://www.gnutls.org/security.html#GNUTLS-SA-2014-3
9065b930-3d8b-11e3-bd1a-e840f2096bd0	gnutls -- denial of service Salvatore Bonaccorso reports: This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more 4 DANE entries could corrupt the memory of a requesting client. Discovery 2013-10-25 Entry 2013-10-25 Modified 2013-11-01 gnutls3 < 3.1.16 CVE-2013-4466 http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
f645aa90-a3e8-11e3-a422-3c970e169bc2	gnutls -- multiple certificate verification issues GnuTLS project reports: A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat. Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior). Discovery 2014-03-03 Entry 2014-03-04 Modified 2014-04-30 gnutls < 2.12.23_4 linux-f10-gnutls < 2.12.23_4 gnutls-devel < 3.1.22 gt 3.2.0 lt 3.2.12 gnutls3 < 3.1.22 gt 3.2.0 lt 3.2.12 CVE-2014-0092 CVE-2014-1959 http://www.gnutls.org/security.html#GNUTLS-SA-2014-1 http://www.gnutls.org/security.html#GNUTLS-SA-2014-2

VuXML ID

Description

027af74d-eb56-11e3-9032-000c2980a9f3

gnutls -- client-side memory corruption

GnuTLS project reports:

This vulnerability affects the client side of the gnutls library. A server that sends a specially crafted ServerHello could corrupt the memory of a requesting client.

Discovery 2014-05-14
Entry 2014-06-03
gnutls3

ge 3.1 lt 3.1.25

CVE-2014-3466
http://www.gnutls.org/security.html#GNUTLS-SA-2014-3

9065b930-3d8b-11e3-bd1a-e840f2096bd0

gnutls -- denial of service

Salvatore Bonaccorso reports:

This vulnerability affects the DANE library of gnutls 3.1.x and gnutls 3.2.x. A server that returns more 4 DANE entries could corrupt the memory of a requesting client.

Discovery 2013-10-25
Entry 2013-10-25
Modified 2013-11-01
gnutls3

< 3.1.16

CVE-2013-4466
http://www.gnutls.org/security.html#GNUTLS-SA-2013-3

f645aa90-a3e8-11e3-a422-3c970e169bc2

gnutls -- multiple certificate verification issues

GnuTLS project reports:

A vulnerability was discovered that affects the certificate verification functions of all gnutls versions. A specially crafted certificate could bypass certificate validation checks. The vulnerability was discovered during an audit of GnuTLS for Red Hat.

Suman Jana reported a vulnerability that affects the certificate verification functions of gnutls 2.11.5 and later versions. A version 1 intermediate certificate will be considered as a CA certificate by default (something that deviates from the documented behavior).

Discovery 2014-03-03
Entry 2014-03-04
Modified 2014-04-30
gnutls

< 2.12.23_4

linux-f10-gnutls

< 2.12.23_4

gnutls-devel

< 3.1.22

gt 3.2.0 lt 3.2.12

gnutls3

< 3.1.22

gt 3.2.0 lt 3.2.12

CVE-2014-0092
CVE-2014-1959
http://www.gnutls.org/security.html#GNUTLS-SA-2014-1
http://www.gnutls.org/security.html#GNUTLS-SA-2014-2