Date: Thu, 09 Jul 2015 13:42:55 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 201439] security/openssl: update for CVE-2015-1793 Message-ID: <bug-201439-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=201439 Bug ID: 201439 Summary: security/openssl: update for CVE-2015-1793 Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: dinoex@FreeBSD.org Reporter: walter@lifeforms.nl Flags: maintainer-feedback?(dinoex@FreeBSD.org) Assignee: dinoex@FreeBSD.org OpenSSL 1.0.2d has landed with a fix for CVE-2015-1793: https://openssl.org/news/secadv_20150709.txt Ports version of OpenSSL (1.0.2c) is vulnerable. The vulnerability allows an attacker to create fraudulent certificates which the OpenSSL certification validation code then accepts. This is mostly problematic for TLS clients (and some TLS servers). -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-201439-13>