Date: Fri, 23 Aug 2013 01:19:59 GMT From: Joe <joe@example.com> To: freebsd-gnats-submit@FreeBSD.org Subject: ports/181474: GnuTLS packages old and vulnerable Message-ID: <201308230119.r7N1JxCK092139@oldred.freebsd.org> Resent-Message-ID: <201308230130.r7N1U0hi008444@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 181474 >Category: ports >Synopsis: GnuTLS packages old and vulnerable >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Aug 23 01:30:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Joe >Release: 8.x, 9.x, amd64, i386 >Organization: >Environment: >Description: The available GnuTLS packages are all old. Ver 2.12.23 is also vulnerable. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2116 Please update to current stable ver 3.2.3 or later to fix, bring features up to date, and avoid being trapped in legacy again. Also suggest checking/updating corresponding nettle and gmp at that time. >How-To-Repeat: >Fix: >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201308230119.r7N1JxCK092139>