author | Dmitri Goutnik <dmgk@FreeBSD.org> | 2021-07-13 12:00:55 +0000 |
---|---|---|
committer | Dmitri Goutnik <dmgk@FreeBSD.org> | 2021-07-13 12:01:52 +0000 |
commit | ea4ec27ac98d25b0d077fba948a1e900da3f606d (patch) | |
tree | 73918c657452110b195526c8dc486c42ee20ff5f | |
parent | 0f1f3e08acfcb1b920cea7097a83cbe21e5ddf5a (diff) | |
security/vuxml: Document lang/go vulnerability
-rw-r--r-- | security/vuxml/vuln-2021.xml | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 6b3c968fe90e..c30f6e3a6eb5 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,38 @@ + <vuln vid="c365536d-e3cf-11eb-9d8d-b37b683944c2"> + <topic>go -- crypto/tls: clients can panic when provided a certificate of the wrong type for the negotiated parameters</topic> + <affects> + <package> + <name>go</name> + <range><lt>1.16.6,1</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Go project reports:</p> + <blockquote cite="https://github.com/golang/go/issues/47143"> + <p>crypto/tls clients can panic when provided a certificate of + the wrong type for the negotiated parameters. net/http clients + performing HTTPS requests are also affected. The panic can be + triggered by an attacker in a privileged network position + without access to the server certificate's private key, as + long as a trusted ECDSA or Ed25519 certificate for the server + exists (or can be issued), or the client is configured with + Config.InsecureSkipVerify. Clients that disable all TLS_RSA + cipher suites (that is, TLS 1.0–1.2 cipher suites without + ECDHE), as well as TLS 1.3-only clients, are unaffected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-34558</cvename> + <url>https://github.com/golang/go/issues/47143</url> + </references> + <dates> + <discovery>2021-07-07</discovery> + <entry>2021-07-12</entry> + </dates> + </vuln> + <vuln vid="9b1699ff-d84c-11eb-92d6-1b6ff3dfe4d3"> <topic>mantis -- multiple vulnerabilities</topic> <affects> |
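Review bot: the `<entry>` date in the new `<dates>` block is 2021-07-12, but the author and committer timestamps on this commit are both 2021-07-13. If `<entry>` is meant to record the day the record landed in the tree, it should read 2021-07-13. Separately, the `<affects>` block lists a single package name, `go`, with only an upper bound (`<lt>1.16.6,1</lt>`), so every earlier version of that package is flagged. That matches the quoted advisory only if no other package name ships the affected crypto/tls code, which is worth confirming before merge. The quoted text also says clients that disable all TLS_RSA cipher suites and TLS 1.3-only clients are unaffected. Keeping that sentence in the `<blockquote>` is useful, since it gives readers a configuration check they can apply before the update is installed.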