git: e67d42a3461b - main - security/vuxml: Document OpenSSL 3.0 vulnerabilities
Date: Tue, 01 Nov 2022 17:22:46 UTC
The branch main has been updated by brnrd: URL: https://cgit.FreeBSD.org/ports/commit/?id=e67d42a3461b0bd42efe02259c52e98cfa27f051 commit e67d42a3461b0bd42efe02259c52e98cfa27f051 Author: Bernard Spil <brnrd@FreeBSD.org> AuthorDate: 2022-11-01 17:22:42 +0000 Commit: Bernard Spil <brnrd@FreeBSD.org> CommitDate: 2022-11-01 17:22:42 +0000 security/vuxml: Document OpenSSL 3.0 vulnerabilities --- security/vuxml/vuln-2022.xml | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index e29d2822b46b..ade308d2ed3d 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,35 @@ + <vuln vid="0844671c-5a09-11ed-856e-d4c9ef517024"> + <topic>OpenSSL -- Buffer overflows in Email verification</topic> + <affects> + <package> + <name>openssl-devel</name> + <range><lt>3.0.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The OpenSSL project reports:</p> + <blockquote cite="https://www.openssl.org/news/secadv/20221101.txt"> + <p>X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) (High): + A buffer overrun can be triggered in X.509 certificate verification, + specifically in name constraint checking.</p> + <p>X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786) + (High): A buffer overrun can be triggered in X.509 certificate + verification, specifically in name constraint checking.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-3602</cvename> + <cvename>CVE-2022-3786</cvename> + <url>https://www.openssl.org/news/secadv/20221101.txt</url> + </references> + <dates> + <discovery>2022-11-01</discovery> + <entry>2022-11-01</entry> + </dates> + </vuln> + <vuln vid="4b9c1c17-587c-11ed-856e-d4c9ef517024"> <topic>MySQL -- Multiple vulnerabilities</topic> <affects> 
@@ -403,7 +435,7 @@ </description> <references> <cvename>CVE-2022-3358</cvename> - <url>https://www.openssl.org/news/secadv/20221011.txtE</url> + <url>https://www.openssl.org/news/secadv/20221011.txt</url> </references> <dates> <discovery>2022-10-11</discovery>
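Review bot: In the first hunk (`@@ -1,3 +1,35 @@`), the new `openssl-devel` entry bounds the affected range only from above with `<range><lt>3.0.7</lt></range>`, so every earlier openssl-devel version matches, including any that predate the 3.0 series the commit subject scopes this to. If the advisory's affected range starts at 3.0.0, a lower bound such as `<range><ge>3.0.0</ge><lt>3.0.7</lt></range>` would keep the entry from flagging versions that do not carry the name constraint checking code in question.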
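Review bot: In the second hunk (`@@ -403,7 +435,7 @@`), dropping the stray trailing `E` from the `20221011.txt` URL in the CVE-2022-3358 entry is unrelated to the new OpenSSL 3.0 entry and is not mentioned in the commit message, which only says "Document OpenSSL 3.0 vulnerabilities". Mention the URL correction in the message or commit it separately, so the change to the existing entry can be found from the log.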