FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The last vuln.xml file processed by FreshPorts is:
nothing found there
List all Vulnerabilities, by package
List all Vulnerabilities, by date
These are the vulnerabilities relating to the commit you have selected:
|eab68cff-bc0c-11e6-b2ca-001b3856973b||cryptopp -- multiple vulnerabilities|
Multiple sources report:
CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function
in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key
operations for the Rabin-Williams digital signature algorithm, which
allows remote attackers to obtain private keys via a timing attack.
Fixed in 5.6.3.
CVE-2016-3995: Incorrect implementation of Rijndael timing attack
countermeasure. Fixed in 5.6.4.
CVE-2016-7420: Library built without -DNDEBUG could egress sensitive
information to the filesystem via a core dump if an assert was triggered.
Fixed in 5.6.5.
|7695b0af-958f-11ec-9aa3-4ccc6adda413||cryptopp -- ElGamal implementation allows plaintext recovery|
Crypto++ 8.6 release notes reports:
The ElGamal implementation in Crypto++ through 8.5 allows plaintext
recovery because, during interaction between two cryptographic
libraries, a certain dangerous combination of the prime defined by
the receiver's public key, the generator defined by the receiver's
public key, and the sender's ephemeral exponents can lead to a
cross-configuration attack against OpenPGP.