On 14/05/16 10:50, Matthias Andree wrote:
> On 10.05.2016 at 12:06, Samuli Seppänen wrote:
>> The OpenVPN community project team is proud to release OpenVPN 2.3.11.
>> It can be downloaded from here:
>>
>> <http://openvpn.net/index.php/open-source/downloads.html>
>>
>> This release fixes two vulnerabilities: a port-share bug with DoS
>> potential and a buffer overflow by user supplied data when using pam
>> authentication. In addition a number of small fixes and improvements are
>> included. A full list of changes is available here:
>>
>> <https://community.openvpn.net/openvpn/wiki/ChangesInOpenvpn23>
>
> I was wondering... do we have CVE references or similar unique
> identifiers, which I could then use - for instance - in the FreeBSD
> vulnerability database?

We have a few annotations to commits which reference CVEs. The tricky
thing is that we might have committed fixes before a CVE number has been
assigned.

In addition we also have the security announcements wiki page which
mentions CVE references:

<https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements>

--
kind regards,

David Sommerseth