FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-24 21:00:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
32166082-53fa-41fa-b081-207e7a989a0a	NSS -- multiple vulnerabilities Mozilla Foundation reports: Mozilla has updated the version of Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis. Discovery 2016-06-07 Entry 2016-06-07 Modified 2016-11-23 nss < 3.23 linux-c6-nss linux-c7-nss < 3.21.3 linux-seamonkey < 2.44 CVE-2016-2834 https://www.mozilla.org/security/advisories/mfsa2016-61/ https://hg.mozilla.org/projects/nss/rev/1ba7cd83c672 https://hg.mozilla.org/projects/nss/rev/8d78a5ae260a https://hg.mozilla.org/projects/nss/rev/5fde729fdbff https://hg.mozilla.org/projects/nss/rev/329932eb1700
4cb165f0-6e48-423e-8147-92255d35c0f7	NSS -- multiple vulnerabilities Mozilla Foundation reports: An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5. A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5. Discovery 2017-03-17 Entry 2017-04-19 nss linux-f10-nss linux-c6-nss linux-c7-nss ge 3.30 lt 3.30.1 ge 3.29 lt 3.29.5 ge 3.22 lt 3.28.4 < 3.21.4 CVE-2017-5461 CVE-2017-5462 https://hg.mozilla.org/projects/nss/rev/99a86619eac9 https://hg.mozilla.org/projects/nss/rev/e126381a3c29
e71fd9d3-af47-11e7-a633-009c02a2ab30	nss -- Use-after-free in TLS 1.2 generating handshake hashes Mozilla reports: During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash. Discovery 2017-08-04 Entry 2017-10-12 Modified 2018-01-29 nss ge 3.32 lt 3.32.1 ge 3.28 lt 3.28.6 linux-c6-nss ge 3.28 lt 3.28.4_2 linux-c7-nss ge 3.28 lt 3.28.4_2 https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805 https://hg.mozilla.org/projects/nss/rev/2d7b65b72290 https://hg.mozilla.org/projects/nss/rev/d3865e2957d0 CVE-2017-7805

VuXML ID

Description

32166082-53fa-41fa-b081-207e7a989a0a

NSS -- multiple vulnerabilities

Mozilla Foundation reports:

Mozilla has updated the version of Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis.

Discovery 2016-06-07
Entry 2016-06-07
Modified 2016-11-23
nss

< 3.23

linux-c6-nss
linux-c7-nss

< 3.21.3

linux-seamonkey

< 2.44

CVE-2016-2834
https://www.mozilla.org/security/advisories/mfsa2016-61/
https://hg.mozilla.org/projects/nss/rev/1ba7cd83c672
https://hg.mozilla.org/projects/nss/rev/8d78a5ae260a
https://hg.mozilla.org/projects/nss/rev/5fde729fdbff
https://hg.mozilla.org/projects/nss/rev/329932eb1700

4cb165f0-6e48-423e-8147-92255d35c0f7

NSS -- multiple vulnerabilities

Mozilla Foundation reports:

An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

Discovery 2017-03-17
Entry 2017-04-19
nss
linux-f10-nss
linux-c6-nss
linux-c7-nss

ge 3.30 lt 3.30.1

ge 3.29 lt 3.29.5

ge 3.22 lt 3.28.4

< 3.21.4

CVE-2017-5461
CVE-2017-5462
https://hg.mozilla.org/projects/nss/rev/99a86619eac9
https://hg.mozilla.org/projects/nss/rev/e126381a3c29

e71fd9d3-af47-11e7-a633-009c02a2ab30

nss -- Use-after-free in TLS 1.2 generating handshake hashes

Mozilla reports:

During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.

Discovery 2017-08-04
Entry 2017-10-12
Modified 2018-01-29
nss

ge 3.32 lt 3.32.1

ge 3.28 lt 3.28.6

linux-c6-nss

ge 3.28 lt 3.28.4_2

linux-c7-nss

ge 3.28 lt 3.28.4_2

https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
https://hg.mozilla.org/projects/nss/rev/2d7b65b72290
https://hg.mozilla.org/projects/nss/rev/d3865e2957d0
CVE-2017-7805