Attachment #154538 for bug #198718

View | Details | Raw Unified | Return to bug 198718 | Differences between
Collapse All | Expand All





-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="c2227ea9-ce6a-11e4-b7c8-4061861086c1">
    <topic>Multiple vulnerabilities found in LibreSSL</topic>
    <affects>
      <package>
	<name>libressl</name>
	<range><le>2.1.5</le></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>The LibreSSL project reports</p>
	<blockquote cite="https://github.com/libressl-portable/portable/commit/df0c0cd146ec4ba7b68e7735766bf0b62af993f4">
	  <p>* Fixes for the following issues are integrated into LibreSSL 2.1.6:
	       - CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
	       - CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
	       - CVE-2015-0287 - ASN.1 structure reuse memory corruption
	       - CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
	       - CVE-2015-0289 - PKCS7 NULL pointer dereferences

	     * The fix for CVE-2015-0207 - Segmentation fault in DTLSv1_listen
	       is integrated for safety, but LibreSSL is not vulnerable.
	</p>
	</blockquote>
      </body>
    </description>
    <references>
      <freebsdpr>ports/198681</freebsdpr>
      <cvename>CVE-2015-0209</cvename>
      <cvename>CVE-2015-0286</cvename>
      <cvename>CVE-2015-0287</cvename>
      <cvename>CVE-2015-0288</cvename>
      <cvename>CVE-2015-0289</cvename>
      <url>https://openssl.org/news/secadv_20150319.txt</url>
    </references>
    <dates>
      <discovery>2015-03-19</discovery>
      <entry>2015-03-19</entry>
    </dates>
  </vuln>

  <vuln vid="f7d79fac-cd49-11e4-898f-bcaec565249c">
    <topic>libXfont -- BDF parsing issues</topic>
    <affects>

Return to bug 198718

Lines 57-62 Link Here

(-)/usr/ports/security/vuxml/vuln.xml (+40 lines)
57		57
58	-->	58	-->
59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">	59	<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
		60	<vuln vid="c2227ea9-ce6a-11e4-b7c8-4061861086c1">
		61	<topic>Multiple vulnerabilities found in LibreSSL</topic>
		62	<affects>
		63	<package>
		64	<name>libressl</name>
		65	<range><le>2.1.5</le></range>
		66	</package>
		67	</affects>
		68	<description>
		69	<body xmlns="http://www.w3.org/1999/xhtml">
		70	<p>The LibreSSL project reports</p>
		71	<blockquote cite="https://github.com/libressl-portable/portable/commit/df0c0cd146ec4ba7b68e7735766bf0b62af993f4">
		72	<p>* Fixes for the following issues are integrated into LibreSSL 2.1.6:
		73	- CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
		74	- CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
		75	- CVE-2015-0287 - ASN.1 structure reuse memory corruption
		76	- CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
		77	- CVE-2015-0289 - PKCS7 NULL pointer dereferences
		78
		79	* The fix for CVE-2015-0207 - Segmentation fault in DTLSv1_listen
		80	is integrated for safety, but LibreSSL is not vulnerable.
		81	</p>
		82	</blockquote>
		83	</body>
		84	</description>
		85	<references>
		86	<freebsdpr>ports/198681</freebsdpr>
		87	<cvename>CVE-2015-0209</cvename>
		88	<cvename>CVE-2015-0286</cvename>
		89	<cvename>CVE-2015-0287</cvename>
		90	<cvename>CVE-2015-0288</cvename>
		91	<cvename>CVE-2015-0289</cvename>
		92	<url>https://openssl.org/news/secadv_20150319.txt</url>
		93	</references>
		94	<dates>
		95	<discovery>2015-03-19</discovery>
		96	<entry>2015-03-19</entry>
		97	</dates>
		98	</vuln>
		99
60	<vuln vid="f7d79fac-cd49-11e4-898f-bcaec565249c">	100	<vuln vid="f7d79fac-cd49-11e4-898f-bcaec565249c">
61	<topic>libXfont -- BDF parsing issues</topic>	101	<topic>libXfont -- BDF parsing issues</topic>
62	<affects>	102	<affects>