FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID    Description

6a131fbf-ec76-11e7-aa65-001b216d295b    The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT")

The Legion of the Bouncy Castle reports:

Release: 1.59

CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations using the BC lightweight APIs are not affected by this.


Discovery 2017-12-12
Entry 2017-12-29
bouncycastle
< 1.59

bouncycastle15
< 1.59

CVE-2017-13098
https://www.bouncycastle.org/releasenotes.html

70e71a24-0151-11ec-bf0c-080027eedc6a    bouncycastle15 -- bcrypt password checking vulnerability

The Bouncy Castle team reports:

The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.


Discovery 2020-11-02
Entry 2021-08-20
bouncycastle15
>= 1.65, < 1.67

CVE-2020-28052
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052

89cf8cd2-0698-11e7-aa3f-001b216d295b    Several Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports:

Release: 1.56

2.1.4 Security Related Changes and CVE's Addressed by this Release: (multiple)


Discovery 2016-12-23
Entry 2017-03-12
bouncycastle15
>= 1.51, < 1.56

ports/215507
https://www.bouncycastle.org/releasenotes.html

89d5bca6-0150-11ec-bf0c-080027eedc6a    The Bouncy Castle Crypto APIs -- EC math vulnerability

The Bouncy Castle team reports:

Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.


Discovery 2020-07-04
Entry 2021-08-20
bouncycastle15
< 1.66

bouncycastle
< 1.66

CVE-2020-15522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522

fe93803c-883f-11e8-9f0c-001b216d295b    Several Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports:

Release 1.60 is now available for download.

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.

CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.


Discovery 2018-06-30
Entry 2018-07-15
bouncycastle
< 1.60

bouncycastle15
< 1.60

puppetserver
>= 0

puppetserver5
< 5.3.8

puppetserver6
< 6.2.1

CVE-2018-1000180
CVE-2018-1000613
https://www.bouncycastle.org/latest_releases.html