FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 21:13:12 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
7da0417f-6b24-11e8-84cc-002590acae31	gnupg -- unsanitized output (CVE-2018-12020) GnuPG reports: GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output. Discovery 2018-06-07 Entry 2018-06-08 gnupg < 2.2.8 gnupg1 < 1.4.23 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020 CVE-2018-12020 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526 CVE-2017-7526
e1c71d8d-64d9-11e6-b38a-25a46b33f2ed	gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output Werner Koch reports: There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions. Discovery 2016-08-17 Entry 2016-08-18 Modified 2016-11-30 gnupg1 < 1.4.21 libgcrypt < 1.7.3 linux-c6-libgcrypt < 1.4.5_4 linux-c7-libgcrypt < 1.5.3_1 https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html CVE-2016-6313
1c840eb9-fb32-11e3-866e-b499baab0cbe	gnupg -- possible DoS using garbled compressed data packets Werner Koch reports: This release includes a security fix to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop. Discovery 2014-06-23 Entry 2014-06-23 gnupg1 < 1.4.17 gnupg < 2.0.24 http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html

VuXML ID

Description

7da0417f-6b24-11e8-84cc-002590acae31

gnupg -- unsanitized output (CVE-2018-12020)

GnuPG reports:

GnuPG did not sanitize input file names, which may then be output to the terminal. This could allow terminal control sequences or fake status messages to be injected into the output.

Discovery 2018-06-07
Entry 2018-06-08
gnupg

< 2.2.8

gnupg1

< 1.4.23

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12020
CVE-2018-12020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7526
CVE-2017-7526

e1c71d8d-64d9-11e6-b38a-25a46b33f2ed

gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

Werner Koch reports:

There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug exists since 1998 in all GnuPG and Libgcrypt versions.

Discovery 2016-08-17
Entry 2016-08-18
Modified 2016-11-30
gnupg1

< 1.4.21

libgcrypt

< 1.7.3

linux-c6-libgcrypt

< 1.4.5_4

linux-c7-libgcrypt

< 1.5.3_1

https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
CVE-2016-6313

1c840eb9-fb32-11e3-866e-b499baab0cbe

gnupg -- possible DoS using garbled compressed data packets

Werner Koch reports:

This release includes a *security fix* to stop a possible DoS using garbled compressed data packets which can be used to put gpg into an infinite loop.

Discovery 2014-06-23
Entry 2014-06-23
gnupg1

< 1.4.17

gnupg

< 2.0.24

http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000344.html
http://lists.gnupg.org/pipermail/gnupg-announce/2014q2/000345.html