diff options
| author | mandree <mandree@FreeBSD.org> | 2013-06-02 00:47:41 +0800 |
|---|---|---|
| committer | mandree <mandree@FreeBSD.org> | 2013-06-02 00:47:41 +0800 |
| commit | c46dc5cc0499a41c6ad08ae32bee45568ab37da6 (patch) | |
| tree | 237b27c6e1c3492fbc29802aed7d2b18f483f845 /security/vuxml | |
| parent | 16336539314ff2a5cdf1b3b2323fa7cc9db8c8a7 (diff) | |
| download | freebsd-ports-gnome-c46dc5cc0499a41c6ad08ae32bee45568ab37da6.tar.gz freebsd-ports-gnome-c46dc5cc0499a41c6ad08ae32bee45568ab37da6.tar.zst freebsd-ports-gnome-c46dc5cc0499a41c6ad08ae32bee45568ab37da6.zip | |
- Backport fix for CVE-2013-2061 to openvpn22 and openvpn20;
while it is unclear whether it affects OpenSSL-builds at all.
Let's play it safe.
- Reference CVE-2013-2061 name in OpenVPN's VuXML entry
- Mark 2.0.9_4 <= openvpn < 2.1.0 and 2.2.2_2 < openvpn < 2.3.0 not vulnerable
- Mark openvpn22 deprecated and to expire 2013-09-01.
(openvpn20 is already marked to expire 2013-07-11.)
Security: CVE-2013-2061
Security: 92f30415-9935-11e2-ad4c-080027ef73ec
Diffstat (limited to 'security/vuxml')
| -rw-r--r-- | security/vuxml/vuln.xml | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b18867c28f44..e5c4f844ad3b 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -1662,7 +1662,9 @@ Note: Please add new entries to the beginning of this file. <affects> <package> <name>openvpn</name> - <range><lt>2.3.1</lt></range> + <range><lt>2.0.9_4</lt></range> + <range><ge>2.1.0</ge><lt>2.2.2_2</lt></range> + <range><ge>2.3.0</ge><lt>2.3.1</lt></range> </package> </affects> <description> @@ -1677,10 +1679,12 @@ Note: Please add new entries to the beginning of this file. </description> <references> <url>https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc</url> + <cvename>CVE-2013-2061</cvename> </references> <dates> <discovery>2013-03-19</discovery> <entry>2013-03-31</entry> + <modified>2013-06-01</modified> </dates> </vuln> |