author | Jason E. Hale <jhale@FreeBSD.org> | 2016-12-07 00:30:49 +0000 |
---|---|---|
committer | Jason E. Hale <jhale@FreeBSD.org> | 2016-12-07 00:30:49 +0000 |
commit | 8903d775bb98d5791cdb2c50105f4aca66052622 (patch) | |
tree | 27c6246dfdf6040ba235f687184339dd722d0ca2 /security | |
parent | 5490c47768888323ef01fc93d5215bba7e95444f (diff) | |
download | ports-8903d775bb98d5791cdb2c50105f4aca66052622.tar.gz ports-8903d775bb98d5791cdb2c50105f4aca66052622.zip |
Notes
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 43 |
1 files changed, 43 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 9391a4516133..9723d0a96fd8 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,49 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="eab68cff-bc0c-11e6-b2ca-001b3856973b"> + <topic>cryptopp -- multiple vulnerabilities</topic> + <affects> + <package> + <name>cryptopp</name> + <range><lt>5.6.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Multiple sources report:</p> + <blockquote cite="https://eprint.iacr.org/2015/368"> + <p>CVE-2015-2141: The InvertibleRWFunction::CalculateInverse function + in rw.cpp in libcrypt++ 5.6.2 does not properly blind private key + operations for the Rabin-Williams digital signature algorithm, which + allows remote attackers to obtain private keys via a timing attack. + Fixed in 5.6.3.</p> + </blockquote> + <blockquote cite="https://github.com/weidai11/cryptopp/issues/146"> + <p>CVE-2016-3995: Incorrect implementation of Rijndael timing attack + countermeasure. Fixed in 5.6.4.</p> + </blockquote> + <blockquote cite="https://github.com/weidai11/cryptopp/issues/277"> + <p>CVE-2016-7420: Library built without -DNDEBUG could egress sensitive + information to the filesystem via a core dump if an assert was triggered. + Fixed in 5.6.5.</p> + </blockquote> + </body> + </description> + <references> + <url>https://eprint.iacr.org/2015/368</url> + <url>https://github.com/weidai11/cryptopp/issues/146</url> + <url>https://github.com/weidai11/cryptopp/issues/277</url> + <cvename>CVE-2015-2141</cvename> + <cvename>CVE-2016-3995</cvename> + <cvename>CVE-2016-7420</cvename> + </references> + <dates> + <discovery>2015-02-27</discovery> + <entry>2016-12-06</entry> + </dates> + </vuln> + <vuln vid="e722e3c6-bbee-11e6-b1cf-14dae9d210b8"> <topic>FreeBSD -- bhyve(8) virtual machine escape</topic> <affects> |
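Review bot: In the three `<blockquote>` elements of the new cryptopp entry, the "Fixed in 5.6.3.", "Fixed in 5.6.4." and "Fixed in 5.6.5." sentences sit inside the quoted text, so they read as if the cited paper and GitHub issues stated them. Move the fix versions into a separate `<p>` outside the blockquotes, or keep only verbatim source text inside each one. Also, the `<affects>` block lists only `<name>cryptopp</name>` while the file's own header comment says not to forget port variants, so it is worth confirming that no other port ships this library. The single `<range><lt>5.6.5</lt></range>` does cover all three CVEs, since 5.6.5 is the latest of the listed fix versions.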