From: Matthew Seaman
Date: Thu, 01 May 2014 09:33:30 +0100
To: freebsd-ports@freebsd.org
Subject: Re: Updating portaudit - strongswan (5.1.1) CVE

On 05/01/14 06:08, Dewayne Geraghty wrote:
> We updated strongswan yesterday and noticed in their changelog the
> resolution of CVE2014-2338 in strongswan 5.1.3 which was released on
> 14th April '14. Secunia advises that this has a "moderately critical"
> rating.
>
> I've examined the references below and other web searching, but haven't
> been able to find a way to "notify" the portaudit mechanism of a port
> vulnerability.

Portaudit data derives from vuxml -- your best bet here is to prod the
port's maintainer preferably by means of a PR. Make it clear this is a
security fix. The maintainer should supply a patch to vuln.xml as part
of the update to 5.1.3, or else the committer should add one.

Alternatively, and if you don't get a timely response from the
maintainer, bring up the issue on the freebsd-ports@.... mailing list,
which you've done.

Cheers,

Matthew
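
Added example, not part of the original message and not portaudit's own code: a sketch of why the vuln.xml patch matters, showing how an audit tool matches an installed package against a VuXML entry. The vid, topic and the "< 5.1.3" range are constructed placeholders based on the changelog note quoted above, and the `audit` and `vkey` helpers are hypothetical names.

```python
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}

# Constructed vuln.xml fragment. The vid, topic and "fixed in 5.1.3" range
# are placeholders built from the message above, not the real entry.
SAMPLE_VUXML = """\
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic>strongswan -- PLACEHOLDER topic</topic>
    <affects>
      <package>
        <name>strongswan</name>
        <range><lt>5.1.3</lt></range>
      </package>
    </affects>
    <references><cvename>CVE-2014-2338</cvename></references>
  </vuln>
</vuxml>
"""

def vkey(version):
    # Simplification: plain dotted-numeric versions only; real port versions
    # also carry PORTREVISION/PORTEPOCH suffixes that need pkg's comparator.
    return tuple(int(part) for part in version.split("."))

OPS = {
    "lt": lambda a, b: a < b, "le": lambda a, b: a <= b,
    "gt": lambda a, b: a > b, "ge": lambda a, b: a >= b,
    "eq": lambda a, b: a == b,
}

def audit(vuxml_text, name, version):
    """Return (vid, [CVE names]) for each entry whose range covers name-version."""
    hits = []
    root = ET.fromstring(vuxml_text)
    for vuln in root.findall("v:vuln", NS):
        for pkg in vuln.findall("v:affects/v:package", NS):
            if name not in [n.text for n in pkg.findall("v:name", NS)]:
                continue
            for rng in pkg.findall("v:range", NS):
                # Every bound inside one <range> must hold for a match.
                if all(OPS[b.tag.split("}")[1]](vkey(version), vkey(b.text)) for b in rng):
                    cves = [c.text for c in vuln.findall("v:references/v:cvename", NS)]
                    hits.append((vuln.get("vid"), cves))
                    break
    return hits
```

Until an entry like this is committed to vuln.xml, `audit(..., "strongswan", "5.1.1")` has nothing to match, which is why the audit tooling stays silent about the installed port.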