summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBernard Spil <brnrd@FreeBSD.org>2025-05-23 17:58:53 +0200
committerBernard Spil <brnrd@FreeBSD.org>2025-05-23 17:58:53 +0200
commitf318eff1736df191736ea4cec6b8571d9d8920f3 (patch)
tree6245319907e2a32cd62122d479978a50aaa76c9f
parentgraphics/p5-Image-ExifTool-devel: Update 13.29 => 13.30 (diff)
security/vuxml: Document OpenSSL 3.5 vulnerability
Diffstat
-rw-r--r--security/vuxml/vuln/2025.xml26
1 files changed, 26 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2025.xml b/security/vuxml/vuln/2025.xml
index f804b4c69245..a58ddfcd10db 100644
--- a/security/vuxml/vuln/2025.xml
+++ b/security/vuxml/vuln/2025.xml
@@ -1,3 +1,29 @@
+ <vuln vid="5baa64d6-37ee-11f0-a116-8447094a420f">
+ <topic>OpenSSL -- Inverted security logic in x509 app</topic>
+ <affects>
+ <package>
+ <name>openssl35</name>
+ <range><lt>3.5.0_1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The OpenSSL project reports:</p>
+ <blockquote cite="https://openssl-library.org/news/secadv/20250522.txt">
+ <p>The x509 application adds trusted use instead of rejected use (low)</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2025-4575</cvename>
+ <url>https://openssl-library.org/news/secadv/20250522.txt</url>
+ </references>
+ <dates>
+ <discovery>2025-05-23</discovery>
+ <entry>2025-05-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="6529e5e7-36d5-11f0-8f57-b42e991fc52e">
<topic>Firefox -- memory corruption due to race condition</topic>
<affects>
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-06 06:03:36 +0000