Date: Sun, 4 May 2014 12:43:28 +0000 (UTC)
From: Ryan Steinmetz <zi@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r352944 - head/security/vuxml
Message-ID: <201405041243.s44ChSF3071542@svn.freebsd.org>
Author: zi Date: Sun May 4 12:43:27 2014 New Revision: 352944 URL: http://svnweb.freebsd.org/changeset/ports/352944 QAT: https://qat.redports.org/buildarchive/r352944/ Log: - Document strongSwan vulnerability (CVE-2014-2338) - Add additional reminder to document port variants Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Sun May 4 12:20:32 2014 (r352943) +++ head/security/vuxml/vuln.xml Sun May 4 12:43:27 2014 (r352944) 
@@ -51,10 +51,42 @@ a new entry is available in The Porter's Help is also available from ports-security@freebsd.org. -Note: Please add new entries to the beginning of this file. +Notes: + * Please add new entries to the beginning of this file. + * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="6fb521b0-d388-11e3-a790-000c2980a9f3"> + <topic>strongswan -- Remote Authentication Bypass</topic> + <affects> + <package> + <name>strongswan</name> + <range><lt>5.1.3</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>strongSwan developers report:</p> + <blockquote cite="www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-(cve-2014-2338).html"> + <p>Remote attackers are able to bypass authentication by rekeying an + IKE_SA during (1) initiation or (2) re-authentication, which + triggers the IKE_SA state to be set to established.</p> + <p>Only installations that actively initiate or re-authenticate IKEv2 + IKE_SAs are affected.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2014-2338</cvename> + <url>http://www.strongswan.org/blog/2014/04/14/strongswan-authentication-bypass-vulnerability-%28cve-2014-2338%29.html</url> + </references> + <dates> + <discovery>2014-03-12</discovery> + <entry>2014-05-04</entry> + </dates> + </vuln> + <vuln vid="670d732a-cdd4-11e3-aac2-0022fb6fcf92"> <topic>mohawk -- multiple vulnerabilities</topic> <affects>
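Review bot: The `cite` attribute on the new strongswan entry's `<blockquote>` has no URL scheme (`cite="www.strongswan.org/blog/2014/04/14/..."`), so a consumer that resolves it as a URI will treat it as a relative reference rather than a link to the upstream advisory. It also spells the parentheses literally, while the `<url>` element in `<references>` uses `http://` and the percent-encoded `%28`/`%29` form. Suggest making `cite` identical to the `<url>` value so both point at the same resource. Separately, `<range><lt>5.1.3</lt></range>` has no lower bound, and the quoted text limits exposure to IKEv2 initiation and re-authentication. If the upstream advisory names a first affected release, adding a `<ge>` bound would keep older versions from being flagged unnecessarily.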