FreeBSD Bugzilla – Attachment 154537 Details for
Bug 198718
[PATCH] security/libressl: update to 2.1.6, fix vulns and default libtls
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
vuxml entry
patch-vuln.xml-security_libressl-2.1.5 (text/plain), 1.85 KB, created by
Bernard Spil
on 2015-03-19 20:31:53 UTC
(
hide
)
Description:
vuxml entry
Filename:
MIME Type:
Creator:
Bernard Spil
Created:
2015-03-19 20:31:53 UTC
Size:
1.85 KB
patch
obsolete
>--- /var/db/pkg/vuln.xml 2015-03-19 03:19:20.329192949 +0100 >+++ /usr/ports/security/vuxml/vuln.xml 2015-03-19 21:23:55.532704000 +0100 >@@ -57,6 +57,47 @@ > > --> > <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> >+ <vuln vid="c2227ea9-ce6a-11e4-b7c8-4061861086c1"> >+ <topic>Multiple vulnerabilities found in LibreSSL</topic> >+ <affects> >+ <package> >+ <name>libressl</name> >+ <range><le>2.1.5</le></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>The LibreSSL project reports</p> >+ <blockquote cite="https://github.com/libressl-portable/portable/commit/df0c0cd146ec4ba7b68e7735766bf0b62af993f4"> >+ <p>* Fixes for the following issues are integrated into LibreSSL 2.1.6: >+ - CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error >+ - CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp >+ - CVE-2015-0287 - ASN.1 structure reuse memory corruption >+ - CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref >+ - CVE-2015-0289 - PKCS7 NULL pointer dereferences >+ >+ * The fix for CVE-2015-0207 - Segmentation fault in DTLSv1_listen >+ is integrated for safety, but LibreSSL is not vulnerable. >+ </p> >+ </blockquote> >+ </body> >+ </description> >+ <references> >+ <freebsdpr>ports/198681</freebsdpr> >+ <cvename>CVE-2015-0207</cvename> >+ <cvename>CVE-2015-0207</cvename> >+ <cvename>CVE-2015-0207</cvename> >+ <cvename>CVE-2015-0207</cvename> >+ <cvename>CVE-2015-0207</cvename> >+ <url>https://openssl.org/news/secadv_20150319.txt</url> >+ </references> >+ <dates> >+ <discovery>2015-03-19</discovery> >+ <entry>2015-03-19</entry> >+ <modified>2015-03-19</modified> >+ </dates> >+ </vuln> >+ > <vuln vid="f7d79fac-cd49-11e4-898f-bcaec565249c"> > <topic>libXfont -- BDF parsing issues</topic> > <affects>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=154537">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 198718
:
154535
|
154536
|
154537
|
154538
|
154539
|
154540