git: bbbc5396ce2d - main - security/vuxml: Document credential leakage vulnerability
Carlo Strub
cs at FreeBSD.org
Sat Aug 14 19:42:44 UTC 2021
The branch main has been updated by cs:
URL: https://cgit.FreeBSD.org/ports/commit/?id=bbbc5396ce2d85b6566aa76854670ce6f23a2574
commit bbbc5396ce2d85b6566aa76854670ce6f23a2574
Author: Carlo Strub <cs at FreeBSD.org>
AuthorDate: 2021-08-14 19:41:58 +0000
Commit: Carlo Strub <cs at FreeBSD.org>
CommitDate: 2021-08-14 19:41:58 +0000
security/vuxml: Document credential leakage vulnerability
Security: e9200f8e-fd34-11eb-afb1-c85b76ce9b5a
---
security/vuxml/vuln-2021.xml | 38 ++++++++++++++++++++++++++++++++++++++
1 file changed, 38 insertions(+)
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml
index 6cba3b72e130..761e0b1b56f2 100644
--- a/security/vuxml/vuln-2021.xml
+++ b/security/vuxml/vuln-2021.xml
@@ -1,3 +1,41 @@
+ <vuln vid="e9200f8e-fd34-11eb-afb1-c85b76ce9b5a">
+ <topic>lynx -- SSL certificate validation error</topic>
+ <affects>
+ <package>
+ <name>ja-lynx</name>
+ <range><lt>2.8.10</lt></range>
+ </package>
+ <package>
+ <name>ja-lynx-current</name>
+ <range><lt>2.9.1</lt></range>
+ </package>
+ <package>
+ <name>lynx</name>
+ <range><lt>2.8.10</lt></range>
+ </package>
+ <package>
+ <name>lynx-current</name>
+ <range><lt>2.9.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Axel Beckert reports:</p>
+ <blockquote cite="https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html">
+ <p>[...] I was able to capture the password given on the commandline in traffic
+of an TLS handshake using tcpdump and analysing it with Wireshark: [...]</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html</url>
+ </references>
+ <dates>
+ <discovery>2021-08-07</discovery>
+ <entry>2021-08-14</entry>
+ </dates>
+ </vuln>
+
<vuln vid="b471130b-fb86-11eb-87db-6cc21735f730">
<topic>PostgreSQL server -- Memory disclosure in certain queries</topic>
<affects>
More information about the dev-commits-ports-all
mailing list