git: adc7fa02aaa1 - main - security/vuxml: Document LibreSSL vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 08 Feb 2023 18:01:16 UTC
The branch main has been updated by brnrd:
URL: https://cgit.FreeBSD.org/ports/commit/?id=adc7fa02aaa15e4bab2913ca1885002e93233eb9
commit adc7fa02aaa15e4bab2913ca1885002e93233eb9
Author: Bernard Spil <brnrd@FreeBSD.org>
AuthorDate: 2023-02-08 18:01:14 +0000
Commit: Bernard Spil <brnrd@FreeBSD.org>
CommitDate: 2023-02-08 18:01:14 +0000
security/vuxml: Document LibreSSL vulnerability
---
security/vuxml/vuln/2023.xml | 30 ++++++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 7e8e8b4550d7..1d15f7bdb99e 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,33 @@
+ <vuln vid="1dd84344-a7da-11ed-86e9-d4c9ef517024">
+ <topic>LibreSSL -- Arbitrary memory read</topic>
+ <affects>
+ <package>
+ <name>libressl</name>
+ <range><lt>3.5.4</lt></range>
+ </package>
+ <package>
+ <name>libressl-devel</name>
+ <range><lt>3.6.2</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenBSD project reports:</p>
+ <blockquote cite="https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt">
+ <p>A malicious certificate revocation list or timestamp response token
+ would allow an attacker to read arbitrary memory.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.5.4-relnotes.txt</url>
+ </references>
+ <dates>
+ <discovery>2023-02-08</discovery>
+ <entry>2023-02-08</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6cc63bf5-a727-4155-8ec4-68b626475e68">
<topic>xorg-server -- Security issue in the X server</topic>
<affects>