This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-24 03:12:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
1b27af46-d6f6-11e0-89a6-080027ef73ec | ca_root_nss -- extraction of explicitly-untrusted certificates into trust bundle Matthias Andree reports that the ca-bundle.pl used in older versions of the ca_root_nss FreeBSD port before 3.12.11 did not take the Mozilla/NSS/CKBI untrusted markers into account and would add certificates to the trust bundle that were marked unsafe by Mozilla. Discovery 2011-09-04 Entry 2011-09-04 ca_root_nss < 3.12.11 ports/160455 |
a4ed6632-5aa9-11e2-8fcb-c8600054b392 | mozilla -- multiple vulnerabilities The Mozilla Project reports:
Discovery 2013-01-08 Entry 2013-01-09 firefox gt 11.0,1 lt 17.0.2,1 < 10.0.12,1 linux-firefox < 17.0.2,1 linux-seamonkey < 2.15 linux-thunderbird < 17.0.2 seamonkey < 2.15 thunderbird gt 11.0 lt 17.0.2 < 10.0.12 libxul gt 1.9.2.* lt 10.0.12 ca_root_nss < 3.14.1 CVE-2012-5829 CVE-2013-0743 CVE-2013-0744 CVE-2013-0745 CVE-2013-0746 CVE-2013-0747 CVE-2013-0748 CVE-2013-0749 CVE-2013-0750 CVE-2013-0751 CVE-2013-0752 CVE-2013-0753 CVE-2013-0754 CVE-2013-0755 CVE-2013-0756 CVE-2013-0757 CVE-2013-0758 CVE-2013-0759 CVE-2013-0760 CVE-2013-0761 CVE-2013-0762 CVE-2013-0763 CVE-2013-0764 CVE-2013-0766 CVE-2013-0767 CVE-2013-0768 CVE-2013-0769 CVE-2013-0770 CVE-2013-0771 http://www.mozilla.org/security/announce/2013/mfsa2013-01.html http://www.mozilla.org/security/announce/2013/mfsa2013-02.html http://www.mozilla.org/security/announce/2013/mfsa2013-03.html http://www.mozilla.org/security/announce/2013/mfsa2013-04.html http://www.mozilla.org/security/announce/2013/mfsa2013-05.html http://www.mozilla.org/security/announce/2013/mfsa2013-06.html http://www.mozilla.org/security/announce/2013/mfsa2013-07.html http://www.mozilla.org/security/announce/2013/mfsa2013-08.html http://www.mozilla.org/security/announce/2013/mfsa2013-09.html http://www.mozilla.org/security/announce/2013/mfsa2013-10.html http://www.mozilla.org/security/announce/2013/mfsa2013-11.html http://www.mozilla.org/security/announce/2013/mfsa2013-12.html http://www.mozilla.org/security/announce/2013/mfsa2013-13.html http://www.mozilla.org/security/announce/2013/mfsa2013-14.html http://www.mozilla.org/security/announce/2013/mfsa2013-15.html http://www.mozilla.org/security/announce/2013/mfsa2013-16.html http://www.mozilla.org/security/announce/2013/mfsa2013-17.html http://www.mozilla.org/security/announce/2013/mfsa2013-18.html http://www.mozilla.org/security/announce/2013/mfsa2013-19.html http://www.mozilla.org/security/announce/2013/mfsa2013-20.html http://www.mozilla.org/security/known-vulnerabilities/ |
aa5bc971-d635-11e0-b3cf-080027ef73ec | nss/ca_root_nss -- fraudulent certificates issued by DigiNotar.nl Heather Adkins, Google's Information Security Manager, reported that Google received
VASCO Data Security International Inc., owner of DigiNotar, issued a press statement confirming this incident:
Mozilla, maintainer of the NSS package, from which FreeBSD derived ca_root_nss, stated that they:
Discovery 2011-07-19 Entry 2011-09-03 Modified 2011-09-06 nss < 3.12.11 ca_root_nss < 3.12.11 firefox gt 3.6.*,1 lt 3.6.22,1 gt 4.0.*,1 lt 6.0.2,1 seamonkey < 2.3.2 linux-firefox < 3.6.22,1 thunderbird gt 3.1.* lt 3.1.14 gt 5.0.* lt 6.0.2 linux-thunderbird < 3.1.14 linux-seamonkey < 2.3.2 http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx http://www.mozilla.org/security/announce/2011/mfsa2011-34.html http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html |