Date: Thu, 01 May 2014 09:33:30 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-ports@freebsd.org Subject: Re: Updating portaudit - strongswan (5.1.1) CVE Message-ID: <536206DA.50503@infracaninophile.co.uk> In-Reply-To: <5361D6D7.8010103@heuristicsystems.com.au> References: <5361D6D7.8010103@heuristicsystems.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --xFvO6F9eAtsrF7Fo1q1XnTRkDbPKiqA7U Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 05/01/14 06:08, Dewayne Geraghty wrote: > We updated strongswan yesterday and noticed in their changelog the > resolution of CVE2014-2338 in strongswan 5.1.3 which was released on > 14th April '14. Secunia advises that this has a "moderately critical" > rating. >=20 > I've examined the references below and other web searching, but haven't= > been able to find a way to "notify" the portaudit mechanism of a port > vulnerability. Portaudit data derives from vuxml -- your best bet here is to prod the port's maintainer preferably by means of a PR. Make it clear this is a security fix. The maintainer should supply a patch to vuln.xml as part of the update to 5.1.3, or else the committer should add one. Alternatively, and if you don't get a timely response from the maintainer, bring up the issue on the freebsd-ports@.... mailing list, which you've done. Cheers, Matthew --xFvO6F9eAtsrF7Fo1q1XnTRkDbPKiqA7U Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.22 (FreeBSD) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTYgbiXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTn5d8QAJd/0dnBCHBFnP4tnkifMnQt QvLqCBdYZ06nGuBpnhAyDVjtTWKLYbBIaF404GMMRrPUMp/3HxG8sewXlpV1xcW0 bSxe6RrokDwrH1sbj1xMRUeG9TkttbzvJZSZoVjTs03SUnbIpawO77vSU0RY4kRP o+E1TghjMdGNXo8cGn6IOoqc1QvJd4BxyfdQb1F4E23UHR26ROEL1re6mVUVeM27 Hw4hN6sDs26vAEhiS1CIvIWIBxYElVCRkS46W20QY6vciT8nFfLl+ijNz0PrZekF 3pFwmfPE09cq8s7QvnvdVsGTCq61xeMUHITy1aiVPoSq8LrNZ4R44TpfLw+f2vQB pZYgx+wD49GP8F1LqEGdUo/NqK658WnnUK9sbVQ0C0Ws8spLpqsMOwZ6iMWNRnKc JfdKTDiaV+DkDonsYLBz/AL/NcghjdWRHSy4hoJRPC9iTETVluXa1KT8DqrYhJ4K B0z5vnvchSZS0EHJHCVHr9+dCeLEXhc8ekt8cv+CotRXnzJY8dHQlrQDeP+fvQJc H/orw2F3Nithy5QH7Yzq0qoNHf1gQdtnxg652GBkBAiDi+dJsCi73TTb0NQASjbP PdSxqPpflLtoJPHasDsL5+k3l8RX5eT3NIrSs1qEn5mBv6OSbYcXjXSf9yUIKV4+ iFfZ9I3PE/hrhMiuzi9A =Xz2y -----END PGP SIGNATURE----- --xFvO6F9eAtsrF7Fo1q1XnTRkDbPKiqA7U--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?536206DA.50503>