[Bug 268069] security/clamav: 1.0.0 does no work with cld and cvd files
- In reply to: bugzilla-noreply_a_freebsd.org: "[Bug 268069] clamav 1.0.0 does no work with cld and cvd files"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 15 Dec 2022 16:37:38 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268069 --- Comment #33 from fsbruva@yahoo.com --- (In reply to Yasuhiro Kimura from comment #31) That's a fair assessment. From my perspective, given the age of openssl in the 12.3-RELEASE system (1.1.1l, circa Aug 2021), it shouldn't be surprising that I and others are using the port version. The base openssl was built with numerous unsafe/obsolete ciphers, hashes and protocols, including: RC2, RC4, MD2, and MD4. This makes it unsuitable for a number of purposes, including as crypto engine in webserver. Upgrading to the latest in ports (1.1.1s, circa Nov 2022) closes the following vulnerabilities, among other bugs: CVE-2022-0778, CVE-2022-1292, CVE-2022-2068, CVE-2022-2097 -- You are receiving this mail because: You are the assignee for the bug.