FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-29 10:45:39 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
4cb165f0-6e48-423e-8147-92255d35c0f7NSS -- multiple vulnerabilities

Mozilla Foundation reports:

An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.

A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.


Discovery 2017-03-17
Entry 2017-04-19
nss
linux-f10-nss
linux-c6-nss
linux-c7-nss
ge 3.30 lt 3.30.1

ge 3.29 lt 3.29.5

ge 3.22 lt 3.28.4

< 3.21.4

CVE-2017-5461
CVE-2017-5462
https://hg.mozilla.org/projects/nss/rev/99a86619eac9
https://hg.mozilla.org/projects/nss/rev/e126381a3c29
c4292768-5273-4f17-a267-c5fe35125ce4NSS -- multiple vulnerabilities

Mozilla Foundation reports:

Security researcher Francis Gabriel reported a heap-based buffer overflow in the way the Network Security Services (NSS) libraries parsed certain ASN.1 structures. An attacker could create a specially-crafted certificate which, when parsed by NSS, would cause it to crash or execute arbitrary code with the permissions of the user.

Mozilla developer Tim Taubert used the Address Sanitizer tool and software fuzzing to discover a use-after-free vulnerability while processing DER encoded keys in the Network Security Services (NSS) libraries. The vulnerability overwrites the freed memory with zeroes.


Discovery 2016-03-08
Entry 2016-03-08
Modified 2016-09-05
nss
ge 3.20 lt 3.21.1

< 3.19.2.3

linux-c6-nss
ge 3.20 lt 3.21.0_1

< 3.19.2.3

linux-firefox
< 45.0,1

linux-thunderbird
< 38.7.0

linux-seamonkey
< 2.42

CVE-2016-1950
CVE-2016-1979
https://www.mozilla.org/security/advisories/mfsa2016-35/
https://www.mozilla.org/security/advisories/mfsa2016-36/
https://hg.mozilla.org/projects/nss/rev/b9a31471759d
https://hg.mozilla.org/projects/nss/rev/7033b1193c94
32166082-53fa-41fa-b081-207e7a989a0aNSS -- multiple vulnerabilities

Mozilla Foundation reports:

Mozilla has updated the version of Network Security Services (NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated networking security issues reported by Mozilla engineers Tyson Smith and Jed Davis.


Discovery 2016-06-07
Entry 2016-06-07
Modified 2016-11-23
nss
< 3.23

linux-c6-nss
linux-c7-nss
< 3.21.3

linux-seamonkey
< 2.44

CVE-2016-2834
https://www.mozilla.org/security/advisories/mfsa2016-61/
https://hg.mozilla.org/projects/nss/rev/1ba7cd83c672
https://hg.mozilla.org/projects/nss/rev/8d78a5ae260a
https://hg.mozilla.org/projects/nss/rev/5fde729fdbff
https://hg.mozilla.org/projects/nss/rev/329932eb1700
47695a9c-5377-11ec-8be6-d4c9ef517024NSS -- Memory corruption

The Mozilla project reports:

Memory corruption in NSS via DER-encoded DSA and RSA-PSS signatures (Critical)

NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS #7, or PKCS #12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS.


Discovery 2021-12-01
Entry 2021-12-02
nss
< 3.73

CVE-2021-43527
https://www.mozilla.org/en-US/security/advisories/mfsa2021-51/