Date: Fri, 29 Dec 2017 09:23:28 +0000 (UTC)
From: Eugene Grosbein <eugen@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r457501 - head/security/vuxml
Message-ID: <201712290923.vBT9NSUG026806@repo.freebsd.org>
Author: eugen Date: Fri Dec 29 09:23:27 2017 New Revision: 457501 URL: https://svnweb.freebsd.org/changeset/ports/457501 Log: Document security defect in the Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT") Obtained from: https://www.bouncycastle.org/releasenotes.html Security: https://vuxml.FreeBSD.org/freebsd/6a131fbf-ec76-11e7-aa65-001b216d295b Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Dec 29 09:21:11 2017 (r457500) +++ head/security/vuxml/vuln.xml Fri Dec 29 09:23:27 2017 (r457501) @@ -58,6 +58,37 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6a131fbf-ec76-11e7-aa65-001b216d295b"> + <topic>The Bouncy Castle Crypto APIs: CVE-2017-13098 ("ROBOT")</topic> + <affects> + <package> + <name>bouncycastle15</name> + <range><lt>1.59</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>he Legion of the Bouncy Castle reports:</p> + <blockquote cite="https://www.bouncycastle.org/releasenotes.html"> + <p>Release: 1.59</p> + <p>CVE-2017-13098 ("ROBOT"), a Bleichenbacher oracle in TLS + when RSA key exchange is negotiated. This potentially affected + BCJSSE servers and any other TLS servers configured to use JCE + for the underlying crypto - note the two TLS implementations + using the BC lightweight APIs are not affected by this.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2017-13098</cvename> + <url>https://www.bouncycastle.org/releasenotes.html</url> + </references> + <dates> + <discovery>2017-12-12</discovery> + <entry>2017-12-29</entry> + </dates> + </vuln> + <vuln vid="6a09c80e-6ec7-442a-bc65-d72ce69fd887"> <topic>mozilla -- multiple vulnerabilities</topic> <affects>
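Review bot: The attribution paragraph in the new entry's description body reads `<p>he Legion of the Bouncy Castle reports:</p>`, which drops the leading "T"; it should be `<p>The Legion of the Bouncy Castle reports:</p>`. As a style point, the `<topic>` does not follow the "name -- summary" form that the neighbouring entry uses (`mozilla -- multiple vulnerabilities`); a topic such as `bouncycastle15 -- Bleichenbacher oracle in TLS RSA key exchange (CVE-2017-13098, "ROBOT")` would match it and keep the CVE name visible.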