FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
e56f2f7c-410e-11e9-b95c-b499baebfeafOpenSSL -- ChaCha20-Poly1305 nonce vulnerability

The OpenSSL project reports:

Low: ChaCha20-Poly1305 with long nonces (CVE-2019-1543)

ChaCha20-Poly1305 is an AEAD cipher, and requires a unique nonce input for every encryption operation. RFC 7539 specifies that the nonce value (IV) should be 96 bits (12 bytes). OpenSSL allows a variable nonce length and front pads the nonce with 0 bytes if it is less than 12 bytes. However it also incorrectly allows a nonce to be set of up to 16 bytes. In this case only the last 12 bytes are significant and any additional leading bytes are ignored.


Discovery 2019-03-06
Entry 2019-03-07
openssl111
lt 1.1.1b_1

https://www.openssl.org/news/secadv/20190306.txt
CVE-2019-1543
9e0c6f7a-d46d-11e9-a1c7-b499baebfeafOpenSSL -- Multiple vulnerabilities

The OpenSSL project reports:

ECDSA remote timing attack (CVE-2019-1547) [Low]

Fork Protection (CVE-2019-1549) [Low]

(OpenSSL 1.1.1 only)


Discovery 2019-09-10
Entry 2019-09-11
openssl
lt 1.0.2t,1

openssl111
lt 1.1.1d

https://www.openssl.org/news/secadv/20190910.txt
CVE-2019-1547
CVE-2019-1549