FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
53eb9e1e-7014-11e8-8b1f-3065ec8fd3ec | password-store -- GPG parsing vulnerabilities
Jason A. Donenfeld reports:
Markus Brinkmann discovered that [the] parsing of gpg command line
output with regexes isn't anchored to the beginning of the line,
which means an attacker can generate a malicious key that simply has
the verification string as part of its username.
This has a number of nasty consequences:
- an attacker who manages to write into your ~/.password-store
and also inject a malicious key into your keyring can replace
your .gpg-id key and have your passwords encrypted under
additional keys;
- if you have extensions enabled (disabled by default), an
attacker who manages to write into your ~/.password-store and
also inject a malicious key into your keyring can replace your
extensions and hence execute code.
Discovery: 2018-06-14
Entry: 2018-06-14
Affected package: password-store < 1.7.2
https://lists.zx2c4.com/pipermail/password-store/2018-June/003308.html
CVE-2018-12356
|
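The anchoring problem described in the advisory above, shown as an added example (not code from password-store or from the advisory). The status lines are constructed and simplified, and the fingerprints, function names and both `sed` expressions are assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed fingerprints: TRUSTED is the key the verifier expects,
# SIGNER is the key that actually made the signature.
TRUSTED=$(printf '%040d' 0 | tr 0 A)
SIGNER=$(printf '%040d' 0 | tr 0 B)

# Constructed, simplified lines in the style of gpg --status-fd output.
# The signer's user ID embeds text that looks like a VALIDSIG record.
sample_status() {
    cat <<EOF
[GNUPG:] GOODSIG BBBBBBBBBBBBBBBB Mallory VALIDSIG $TRUSTED 2018-06-14 $TRUSTED
[GNUPG:] VALIDSIG $SIGNER 2018-06-14 1528934400 0 4 0 1 10 00 $SIGNER
EOF
}

# Unanchored (the bug class): VALIDSIG may appear anywhere in the line,
# so attacker-chosen user ID text is parsed as a status record.
fprs_unanchored() {
    sed -n 's/.*VALIDSIG \([0-9A-F]\{40\}\) .* [0-9A-F]\{40\}$/\1/p'
}

# Anchored: the record must start the line with gpg's own status prefix.
fprs_anchored() {
    sed -n 's/^\[GNUPG:\] VALIDSIG \([0-9A-F]\{40\}\) .* [0-9A-F]\{40\}$/\1/p'
}

# is_trusted EXTRACTOR: succeeds if any extracted fingerprint equals TRUSTED.
is_trusted() {
    "$1" | grep -x "$TRUSTED" >/dev/null
}

for parser in fprs_unanchored fprs_anchored; do
    if sample_status | is_trusted "$parser"; then
        echo "$parser: signature accepted as TRUSTED"
    else
        echo "$parser: signature rejected"
    fi
done
```

The same pair of functions works as a regression test for any script that parses gpg status output: feed it a line where the user ID contains the verification string and confirm the verdict does not change.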