svn commit: r350560 - head/security/vuxml
Bryan Drewery
bdrewery at FreeBSD.org
Tue Apr 8 02:26:46 UTC 2014
Author: bdrewery
Date: Tue Apr 8 02:26:45 2014
New Revision: 350560
URL: http://svnweb.freebsd.org/changeset/ports/350560
QAT: https://qat.redports.org/buildarchive/r350560/
Log:
Add more information for OpenSSL bug
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Tue Apr 8 00:50:33 2014 (r350559)
+++ head/security/vuxml/vuln.xml Tue Apr 8 02:26:45 2014 (r350560)
@@ -68,6 +68,15 @@ Note: Please add new entries to the beg
<p>Affected users should upgrade to OpenSSL 1.0.1g. Users unable to immediately
upgrade can alternatively recompile OpenSSL with -DOPENSSL_NO_HEARTBEATS.</p>
</blockquote>
+ <blockquote cite="http://www.heartbleed.com">
+ <p>The bug allows anyone on the Internet to read the memory of the
+ systems protected by the vulnerable versions of the OpenSSL software.
+ This compromises the secret keys used to identify the service
+ providers and to encrypt the traffic, the names and passwords of the
+ users and the actual content. This allows attackers to eavesdrop
+ communications, steal data directly from the services and users and
+ to impersonate services and users.</p>
+ </blockquote>
<p>This also covers:</p>
<blockquote cite="https://www.openssl.org/news/vulnerabilities.html#2014-0076">
<p>Fix for the attack described in the paper "Recovering OpenSSL
More information about the svn-ports-all
mailing list