From owner-freebsd-security@FreeBSD.ORG Thu Apr 24 08:32:57 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 74CBAA2F for ; Thu, 24 Apr 2014 08:32:57 +0000 (UTC) Received: from emea01-db3-obe.outbound.protection.outlook.com (mail-db3lp0082.outbound.protection.outlook.com [213.199.154.82]) (using TLSv1 with cipher AES128-SHA (128/128 bits)) (Client CN "mail.protection.outlook.com", Issuer "MSIT Machine Auth CA 2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 0BFC5189A for ; Thu, 24 Apr 2014 08:32:55 +0000 (UTC) Received: from [192.168.11.2] (88.192.40.21) by DB3PR06MB620.eurprd06.prod.outlook.com (10.255.71.42) with Microsoft SMTP Server (TLS) id 15.0.929.12; Thu, 24 Apr 2014 07:59:58 +0000 Message-ID: <5358C474.5060903@simgroep.nl> Date: Thu, 24 Apr 2014 10:59:48 +0300 From: Paul van Erk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.4.0 MIME-Version: 1.0 To: Subject: gnutls vulnerabilities disappeared Content-Type: text/plain; charset="ISO-8859-1"; format=flowed Content-Transfer-Encoding: 7bit X-Originating-IP: [88.192.40.21] X-ClientProxiedBy: DBXPR05CA006.eurprd05.prod.outlook.com (10.255.191.174) To DB3PR06MB620.eurprd06.prod.outlook.com (10.255.71.42) X-Forefront-PRVS: 01917B1794 X-Forefront-Antispam-Report: SFV:NSPM; SFS:(10019001)(6049001)(6009001)(428001)(189002)(199002)(23756003)(65816999)(87266999)(54356999)(87976001)(50986999)(36756003)(86362001)(33656001)(92726001)(81342001)(83506001)(81542001)(50466002)(92566001)(74662001)(74482001)(31966008)(15202345003)(85852003)(99396002)(19580395003)(80316001)(83322001)(80976001)(64126003)(59896001)(77982001)(80022001)(66066001)(15975445006)(74502001)(65956001)(4396001)(65806001)(83072002)(46102001)(47776003)(76482001)(79102001)(42186004)(20776003)(133083001); DIR:OUT; SFP:1102; SCL:1; SRVR:DB3PR06MB620; H:[192.168.11.2]; FPR:A1C2C99C.8A376422.ED6EB37A.C4E58649.20118; MLV:nov; PTR:InfoNoRecords; MX:1; A:1; LANG:en; Received-SPF: None (: simgroep.nl does not designate permitted sender hosts) X-OriginatorOrg: simgroep.nl X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 24 Apr 2014 08:32:57 -0000 Hi, Recently, I noticed a vulnerability in the gnutls package: gnutls-2.12.23_3 multiple certificate verification issues Shown here: http://portaudit.freebsd.org/f645aa90-a3e8-11e3-a422-3c970e169bc2.html Now, however, this vulnerability message is not found after running "pkg audit gnutls-2.12.23_3" I do find 3 other vulnerabilities when running "pkg audit gnutls-2.12", but not the original one, that is still active at the given URL, though. This problem is experienced on FreeBSD 8, 9 and 10. Is there a known issue here? Regards, Paul van Erk