FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-16 19:33:48 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
d4379f59-3e9b-49eb-933b-61de4d0b0fdb	Ruby -- OpenSSL Hostname Verification Vulnerability Ruby Developers report: After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates. Rubyâs OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching of more than one wildcard per subject/SAN is no-longer allowed. As well, comparison of these values are now case-insensitive. Discovery 2015-04-13 Entry 2015-04-14 Modified 2015-09-23 ruby ruby20 ge 2.0,1 lt 2.0.0.645,1 ruby ruby21 ge 2.1,1 lt 2.1.6,1 ruby ruby22 ge 2.2,1 lt 2.2.2,1 https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/ CVE-2015-1855

VuXML ID

Description

d4379f59-3e9b-49eb-933b-61de4d0b0fdb

Ruby -- OpenSSL Hostname Verification Vulnerability

Ruby Developers report:

After reviewing RFC 6125 and RFC 5280, we found multiple violations of matching hostnames and particularly wildcard certificates.

Rubyâs OpenSSL extension will now provide a string-based matching algorithm which follows more strict behavior, as recommended by these RFCs. In particular, matching of more than one wildcard per subject/SAN is no-longer allowed. As well, comparison of these values are now case-insensitive.

Discovery 2015-04-13
Entry 2015-04-14
Modified 2015-09-23
ruby
ruby20

ge 2.0,1 lt 2.0.0.645,1

ruby
ruby21

ge 2.1,1 lt 2.1.6,1

ruby
ruby22

ge 2.2,1 lt 2.2.2,1

https://www.ruby-lang.org/en/news/2015/04/13/ruby-openssl-hostname-matching-vulnerability/
CVE-2015-1855