Date: Fri, 20 Dec 2019 15:04:42 +0000 (UTC)
From: Bernard Spil <brnrd@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r520513 - head/security/vuxml
Message-ID: <201912201504.xBKF4glc072513@repo.freebsd.org>
Author: brnrd Date: Fri Dec 20 15:04:41 2019 New Revision: 520513 URL: https://svnweb.freebsd.org/changeset/ports/520513 Log: security/vuxml: Document OpenSSL 1.0.2 vuln Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Fri Dec 20 14:54:08 2019 (r520512) +++ head/security/vuxml/vuln.xml Fri Dec 20 15:04:41 2019 (r520513) 
@@ -58,6 +58,41 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="d778ddb0-2338-11ea-a1c7-b499baebfeaf"> + <topic>OpenSSL -- Overflow vulnerability</topic> + <affects> + <package> + <name>openssl</name> + <range><lt>1.0.2u,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The OpenSSL project reports:</p> + <blockquote cite="https://www.openssl.org/news/secadv/20191206.txt"> + <p>rsaz_512_sqr overflow bug on x86_64 (CVE-2019-1551) (Low)<br/> + There is an overflow bug in the x64_64 Montgomery squaring procedure + used in exponentiation with 512-bit moduli. No EC algorithms are + affected. Analysis suggests that attacks against 2-prime RSA1024, + 3-prime RSA1536, and DSA1024 as a result of this defect would be very + difficult to perform and are not believed likely. Attacks against + DH512 are considered just feasible. However, for an attack the target + would have to re-use the DH512 private key, which is not recommended + anyway. Also applications directly using the low level API BN_mod_exp + may be affected if they use BN_FLG_CONSTTIME.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.openssl.org/news/secadv/20191206.txt</url> + <cvename>CVE-2019-1551</cvename> + </references> + <dates> + <discovery>2019-12-06</discovery> + <entry>2019-12-20</entry> + </dates> + </vuln> + <vuln vid="70111759-1dae-11ea-966a-206a8a720317"> <topic>spamassassin -- multiple vulnerabilities</topic> <affects>
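Review bot: the <affects> block in the new vuln entry names only the openssl package (<lt>1.0.2u,1</lt>), while the Notes comment in the context directly above the entry says not to forget port variants. Please confirm whether any other port that ships this code needs its own <package> element, and add it to this entry if so. The <topic> "OpenSSL -- Overflow vulnerability" is also generic; naming the routine from the advisory heading, for example "OpenSSL -- rsaz_512_sqr overflow on x86_64", would make the entry easier to find later. The quoted body reads "x64_64" where its own heading says x86_64; if that matches the cited advisory text, keep it verbatim, otherwise correct it.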