Date: Tue, 2 Jan 2024 06:11:26 GMT
Message-Id: <202401020611.4026BQh0056161@gitrepo.freebsd.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
From: Philip Paeps
Subject: git: 389df91bd852 - main - security/vuxml: add FreeBSD SA released on 2023-12-19
List-Id: Commit messages for all branches of the ports repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-ports-all

The branch main has been updated by philip:

URL: https://cgit.FreeBSD.org/ports/commit/?id=389df91bd85232fc354db2e569477111feefabb3

commit 389df91bd85232fc354db2e569477111feefabb3
Author:     Philip Paeps
AuthorDate: 2024-01-02 06:11:10 +0000
Commit:     Philip Paeps
CommitDate: 2024-01-02 06:11:10 +0000

    security/vuxml: add FreeBSD SA released on 2023-12-19

    FreeBSD-SA-23:19.openssl affects all supported releases of FreeBSD.

    FreeBSD 12.4 reached its end of life at the end of December 2023. Users
    are encouraged to either implement the documented workaround or leverage
    an up to date version of OpenSSH from the ports/pkg collection.
---
 security/vuxml/vuln/2024.xml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml new file mode 100644 index 000000000000..82db275e300c --- /dev/null +++ b/security/vuxml/vuln/2024.xml @@ -0,0 +1,33 @@ + + FreeBSD -- Prefix Truncation Attack in the SSH protocol + + + FreeBSD + 14.014.0_4 + 13.213.2_9 + + + + +

Problem Description:

+

The SSH protocol executes an initial handshake between the + server and the client. This protocol handshake includes the + possibility of several extensions allowing different options to be + selected. Validation of the packets in the handshake is done through + sequence numbers.

+

Impact:

+

A man in the middle attacker can silently manipulate handshake + messages to truncate extension negotiation messages potentially + leading to less secure client authentication algorithms or deactivating + keystroke timing attack countermeasures.

+ +
+ + CVE-2023-48795 + SA-23:19.openssh + + + 2023-12-19 + 2024-01-02 + +
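
Review bot: The affected ranges under the FreeBSD package cover only the 14.0 (up to 14.0_4) and 13.2 (up to 13.2_9) lines, yet the commit message singles out FreeBSD 12.4 users and points them at a documented workaround that the entry text never mentions. Someone reading only this entry on a 12.4 host gets no match and no hint that action is needed, so consider adding a sentence to the description that names the workaround and the ports/pkg OpenSSH alternative, or a short comment explaining why 12.4 has no range. Separately, the reference here reads SA-23:19.openssh while the commit message names FreeBSD-SA-23:19.openssl; it is worth confirming the identifier in the references block is the intended one, since that is what tooling will link to.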