Changeset View
Changeset View
Standalone View
Standalone View
head/security/vuxml/vuln.xml
- This file is larger than 256 KB, so syntax highlighting is disabled by default.
| Show First 20 Lines • Show All 52 Lines • ▼ Show 20 Lines | |||||
| Help is also available from ports-security@freebsd.org. | Help is also available from ports-security@freebsd.org. | ||||
| Notes: | Notes: | ||||
| * Please add new entries to the beginning of this file. | * Please add new entries to the beginning of this file. | ||||
| * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) | ||||
| --> | --> | ||||
| <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> | ||||
| <vuln vid="1e967072-7cac-11ea-bf4c-240a644dd835"> | |||||
| <topic>Client/server denial of service when handling AES-CTR ciphers</topic> | |||||
| <affects> | |||||
| <package> | |||||
| <name>libssh</name> | |||||
| <range><ge>0.8.0</ge><lt>0.8.9</lt></range> | |||||
| <range><ge>0.9.0</ge><lt>0.9.4</lt></range> | |||||
| </package> | |||||
| </affects> | |||||
| <description> | |||||
| <body xmlns="http://www.w3.org/1999/xhtml"> | |||||
| <p>The libssh team reports (originally reported by Yasheng Yang from | |||||
| Google):</p> | |||||
| <blockquote cite="https://www.libssh.org/security/advisories/CVE-2020-1730.txt"> | |||||
| <p>A malicious client or server could crash the counterpart implemented | |||||
| with libssh AES-CTR ciphers are used and don't get fully initialized. It | |||||
| will crash when it tries to cleanup the AES-CTR ciphers when closing the | |||||
| connection.</p> | |||||
| </blockquote> | |||||
| </body> | |||||
| </description> | |||||
| <references> | |||||
| <url>https://www.libssh.org/security/advisories/CVE-2020-1730.txt"</url> | |||||
| <cvename>CVE-2020-1730</cvename> | |||||
| </references> | |||||
| <dates> | |||||
| <discovery>2020-04-09</discovery> | |||||
| <entry>2020-04-12</entry> | |||||
| </dates> | |||||
| </vuln> | |||||
| <vuln vid="6e3b700a-7ca3-11ea-b594-3065ec8fd3ec"> | <vuln vid="6e3b700a-7ca3-11ea-b594-3065ec8fd3ec"> | ||||
| <topic>chromium -- multiple vulnerabilities</topic> | <topic>chromium -- multiple vulnerabilities</topic> | ||||
| <affects> | <affects> | ||||
| <package> | <package> | ||||
| <name>chromium</name> | <name>chromium</name> | ||||
| <range><lt>81.0.4044.92</lt></range> | <range><lt>81.0.4044.92</lt></range> | ||||
| </package> | </package> | ||||
| </affects> | </affects> | ||||
| ▲ Show 20 Lines • Show All 32,759 Lines • Show Last 20 Lines | |||||