FreeBSD Mail Archives

Date:      Fri, 13 Mar 2026 14:57:34 +0000
From:      Bernard Spil <brnrd@FreeBSD.org>
To:        ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject:   git: 3fa91f54ec42 - main - security/vuxml: Document OpenSSL 3.5/3.6 vulnerability
Message-ID:  <69b425de.393ca.70ceb332@gitrepo.freebsd.org>

index | next in thread | raw e-mail


The branch main has been updated by brnrd:

URL: https://cgit.FreeBSD.org/ports/commit/?id=3fa91f54ec42eecdaf5c9b491cace89a16e1735b

commit 3fa91f54ec42eecdaf5c9b491cace89a16e1735b
Author:     Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2026-03-13 14:57:05 +0000
Commit:     Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2026-03-13 14:57:05 +0000

    security/vuxml: Document OpenSSL 3.5/3.6 vulnerability
---
 security/vuxml/vuln/2026.xml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml
index 1c728176e361..8bff2564c5e4 100644
--- a/security/vuxml/vuln/2026.xml
+++ b/security/vuxml/vuln/2026.xml
@@ -1,3 +1,36 @@
+  <vuln vid="ee1e6a24-1eeb-11f1-81da-8447094a420f">
+    <topic>OpenSSL -- key agreement vulnerability</topic>
+    <affects>
+      <package>
+	<name>openssl35</name>
+	<range><lt>3.5.5_1</lt></range>
+      </package>
+      <package>
+	<name>openssl36</name>
+	<range><lt>3.6.1_1</lt></range>
+      </package>
+    </affects>
+    <description>
+	<body xmlns="http://www.w3.org/1999/xhtml">;
+	<p>The OpenSSL project reports:</p>
+	<blockquote cite="https://openssl-library.org/news/secadv/20260313.txt">;
+	  <p>TLS 1.3 server may choose unexpected key agreement group (Low)</p>
+	  <p>An OpenSSL TLS 1.3 server may fail to negotiate the expected
+	    preferred key exchange group when its key exchange group configuration includes
+	    the default by using the "DEFAULT" keyword.</p>
+	</blockquote>
+	</body>
+    </description>
+    <references>
+      <cvename>CVE-2026-2673</cvename>
+      <url>https://openssl-library.org/news/secadv/20260313.txt</url>;
+    </references>
+    <dates>
+      <discovery>2026-03-13</discovery>
+      <entry>2026-03-13</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="b45d25ab-1de3-11f1-8aff-b42e991fc52e">
     <topic>Mozilla -- Undefined behavior in the DOM: Core &amp; HTML component</topic>
     <affects>

home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69b425de.393ca.70ceb332>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation