From nobody Tue Apr 7 18:16:59 2026 X-Original-To: dev-commits-ports-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4fqvY81vgwz6YhKc for ; Tue, 07 Apr 2026 18:17:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 4fqvY819Tjz3PxB for ; Tue, 07 Apr 2026 18:17:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775585820; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wVrYjAH7RnXwSrD2Mrap5BivXvlVSSRm7V6mS+RJZO0=; b=bi28bqqFtuQgVXL2wG51O2Zh9CEgJPyIsZ0okKZydICH+qqlnj3LZQ9rTApAAuuI/UchNH xmi3DgSasNMZZ45am8T4C1Jbs59GsXg/T9cCtLt488VjJc5npud1QR1YEXLIoHXh1rbDdX oalZ+60F1L7j/rdaDuH3tjipzlASGqKHk4qDlMdJ3gCKSEMlzCUGaPH6saW33Fd/aPVPFy QKXM2wvMKkkKKUz2reeRsarGLTOgQzBgVUFPJbrCScHaK77bDA8McXV9DC+Vm8tgCA7r13 skDrHFtEW0SMYJ3WEkSZq9h63bRDxU1xOg9ikSxwdsW5irtayiHDZUDLrrGhPg== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1775585820; a=rsa-sha256; cv=none; b=qGr/Y6QhT1xn8BH/wd1mq6yokTRFaPk3vCNXHlWpFFf3ZnpZ3/+9pCE+kMG/wlv/EzPpRR CgxbdBbrr9FlCfZ/G7QEOm70YXsUe7IrXLafshwvGDXtqbovj9QwlGnjBIDuR2ZzL1ZYqU QaaxuAZazcONs9/d5tJX/aWyAJOL0m7G01tNywWGwUvBORNJLiBJaOM3E34nYdJ7F5Im3r U6UZ+m3efKRuMGDLydJy+V44EpafRE58ITs/+9cTtQhL14POcrqfu89y5G0G17W+Cc/vq+ a3Hz2Ogz4WeFn4R3VGmkEh071P2nfifJ8J0mK+rhFNZVM5nf7sghTiqEjcO2pg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1775585820; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=wVrYjAH7RnXwSrD2Mrap5BivXvlVSSRm7V6mS+RJZO0=; b=M5Jnsi1LpYd+l2EKmJYof2M1cekbki3wc2XSfVzPwzKuh+jBUh8tSACyQBDkAnRqCTelcP agBzyOXu2XbSrc8ISvXDfthkPraV6pw2qtQUb9dUx5Qe4XyY3OkZzUY9/T8H5IJdNm4QYp 70FRhBGbUT37I+qaL/EMYu8sYhEF0zDW8SjCPKIVr97HEzgImcd24kOcN7yjo1YbXR/fIh MOl4cspn3lUEbtOBEApCxpeiZLZIgxw8YzBuHRaTCkIX4lLifJRUp8Ub68r20yMMkhpkkW bfQS7tpdvWto/hZ3+oBafjdvQs5cnhiGB5GvLrwNQf8WV7cvDVswuG7eO51YBQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4fqvY80SJHzqxk for ; Tue, 07 Apr 2026 18:17:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from git (uid 1279) (envelope-from git@FreeBSD.org) id 25111 by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org); Tue, 07 Apr 2026 18:16:59 +0000 To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org From: Bernard Spil Subject: git: 7146c222ed53 - main - security/vuxml: Document OpenSSL vulnerabilities List-Id: Commits to the main branch of the FreeBSD ports repository List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-ports-main@freebsd.org Sender: owner-dev-commits-ports-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: brnrd X-Git-Repository: ports X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7146c222ed53fb47713d33e5b1823d2e7de76a0e Auto-Submitted: auto-generated Date: Tue, 07 Apr 2026 18:16:59 +0000 Message-Id: <69d54a1b.25111.116997cc@gitrepo.freebsd.org> The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=7146c222ed53fb47713d33e5b1823d2e7de76a0e commit 7146c222ed53fb47713d33e5b1823d2e7de76a0e Author: Bernard Spil AuthorDate: 2026-04-07 18:12:42 +0000 Commit: Bernard Spil CommitDate: 2026-04-07 18:12:42 +0000 security/vuxml: Document OpenSSL vulnerabilities --- security/vuxml/vuln/2026.xml | 49 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 49 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index a538ae1d46ed..de4d23275f9a 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,52 @@ + + OpenSSL -- Multiple vulnerabilities + + + openssl + 3.0.20,1 + + + openssl34 + 3.4.5 + + + openssl35 + 3.5.6 + + + openssl36 + 3.6.2 + + + openssl111 + 1.1.1zg + + + + +

The OpenSSL project reports:

+
+

Seven vulnerabilities in OpenSSL library. Highest classification Moderate.

+
+ + + + CVE-2026-31790 + CVE-2026-2637 + CVE-2026-28386 + CVE-2026-28387 + CVE-2026-28388 + CVE-2026-28389 + CVE-2026-28390 + CVE-2026-31789 + https://openssl-library.org/news/vulnerabilities/ + + + 2026-04-07 + 2026-04-07 + + + nghttp2 -- CWE-617: Reachable Assertion