FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
6a131fbf-ec76-11e7-aa65-001b216d295b | The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT")

The Legion of the Bouncy Castle reports:

Release: 1.59

CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS when RSA key exchange is negotiated. This potentially affected BCJSSE servers and any other TLS servers configured to use JCE for the underlying crypto - note the two TLS implementations using the BC lightweight APIs are not affected by this.


Discovery 2017-12-12
Entry 2017-12-29
bouncycastle lt 1.59
bouncycastle15 lt 1.59

CVE-2017-13098
https://www.bouncycastle.org/releasenotes.html
fe93803c-883f-11e8-9f0c-001b216d295b | Several Security Defects in the Bouncy Castle Crypto APIs

The Legion of the Bouncy Castle reports:

Release 1.60 is now available for download.

CVE-2018-1000180: issue around primality tests for RSA key pair generation if done using only the low-level API.

CVE-2018-1000613: lack of class checking in deserialization of XMSS/XMSS^MT private keys with BDS state information.


Discovery 2018-06-30
Entry 2018-07-15
bouncycastle lt 1.60
bouncycastle15 lt 1.60
puppetserver ge 0
puppetserver5 lt 5.3.8
puppetserver6 lt 6.2.1

CVE-2018-1000180
CVE-2018-1000613
https://www.bouncycastle.org/latest_releases.html
89d5bca6-0150-11ec-bf0c-080027eedc6a | The Bouncy Castle Crypto APIs -- EC math vulnerability

The Bouncy Castle team reports:

Bouncy Castle BC Java before 1.66 has a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the generation of multiple deterministic ECDSA signatures.


Discovery 2020-07-04
Entry 2021-08-20
bouncycastle15 lt 1.66
bouncycastle lt 1.66

CVE-2020-15522
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15522