FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-02 10:37:19 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description

4a4712ae-7299-11ee-85eb-84a93843eb75  OpenSSL -- potential loss of confidentiality

SO-AND-SO reports:

Moderate severity: A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential truncation or overruns during the initialisation of some symmetric ciphers.


Discovery 2023-10-24
Entry 2023-10-24
openssl < 3.0.12,1
openssl31 < 3.1.4
openssl-quictls < 3.0.12

CVE-2023-5363
https://www.openssl.org/news/secadv/20231024.txt

8337251b-b07b-11ee-b0d7-84a93843eb75  OpenSSL -- Vector register corruption on PowerPC

SO-AND-SO reports:

The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions.


Discovery 2024-01-09
Entry 2024-01-11
openssl < 3.0.12_2,1
openssl-quictls < 3.0.12_2
openssl31 < 3.1.4_2
openssl31-quictls < 3.1.4_2
openssl32 < 3.2.0_1

CVE-2023-6129
https://www.openssl.org/news/secadv/20240109.txt

bad6588e-2fe0-11ee-a0d1-84a93843eb75  OpenSSL -- Excessive time spent checking DH q parameter value

The OpenSSL project reports:

Checking excessively long DH keys or parameters may be very slow (severity: Low).


Discovery 2023-07-31
Entry 2023-07-31
openssl < 1.1.1u_1,1
openssl30 < 3.0.9_2
openssl31 < 3.1.1_2

CVE-2023-3817
https://www.openssl.org/news/secadv/20230731.txt

41c60e16-2405-11ee-a0d1-84a93843eb75  OpenSSL -- AES-SIV implementation ignores empty associated data entries

The OpenSSL project reports:

The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence.


Discovery 2023-07-14
Entry 2023-07-16
openssl30 < 3.0.9_1
openssl31 < 3.1.1_1

CVE-2023-2975
https://www.openssl.org/news/secadv/20230714.txt

7c217849-f7d7-11ee-a490-84a93843eb75  OpenSSL -- Unbounded memory growth with session handling in TLSv1.3

The OpenSSL project reports:

Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions.


Discovery 2024-04-08
Entry 2024-04-11
openssl < 3.0.13_3,1
openssl31 < 3.1.5_3
openssl32 < 3.2.1_2
openssl-quictls < 3.0.13_3
openssl31-quictls < 3.1.5_1

CVE-2024-2511
https://www.openssl.org/news/secadv/20240408.txt

a5956603-7e4f-11ee-9df6-84a93843eb75  OpenSSL -- DoS in DH generation

The OpenSSL project reports:

Excessive time spent in DH check / generation with large Q parameter value (low). Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow.


Discovery 2023-11-08
Entry 2023-11-08
openssl < 3.0.12_1,1
openssl111 < 1.1.1w_1
openssl31 < 3.1.4_1
openssl-quictls < 3.0.12_1
openssl31-quictls < 3.1.4_1

CVE-2023-5678
https://www.openssl.org/news/secadv/20231106.txt

10dee731-c069-11ee-9190-84a93843eb75  OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

Excessive time spent checking invalid RSA public keys (CVE-2023-6237)

PKCS12 Decoding crashes (CVE-2024-0727)


Discovery 2024-01-30
Entry 2024-01-31
openssl < 3.0.13,1
openssl-quictls < 3.0.13
openssl31 < 3.1.5
openssl31-quictls < 3.1.5
openssl32 < 3.2.1

CVE-2024-0727
CVE-2023-6237
https://www.openssl.org/news/secadv/20240125.txt
https://www.openssl.org/news/secadv/20240115.txt
https://www.openssl.org/news/openssl-3.0-notes.html
https://www.openssl.org/news/openssl-3.1-notes.html
https://www.openssl.org/news/openssl-3.2-notes.html