From: Dewayne Geraghty
Date: Thu, 01 May 2014 15:08:39 +1000
To: "ports@FreeBSD.org"
Cc: security-officer@FreeBSD.org
Subject: Updating portaudit - strongswan (5.1.1) CVE
Message-ID: <5361D6D7.8010103@heuristicsystems.com.au>
List-Id: Porting software to FreeBSD

We updated strongswan yesterday and noticed in their changelog the resolution of CVE-2014-2338 in strongswan 5.1.3, which was released on 14th April '14. Secunia advises that this has a "moderately critical" rating.

I've examined the references below and other web searching, but haven't been able to find a way to "notify" the portaudit mechanism of a port vulnerability.

Would it be possible to mention how a port vulnerability can be raised for review/entry into the portaudit database? Ideally at one or more of the references below. It may be as simple as a new category at http://www.freebsd.org/send-pr.html.

Refs:
http://www.freebsd.org/security/#sec
http://www.freebsd.org/security/reporting.html
http://www.freebsd.org/doc/handbook/security-portaudit.html
http://portaudit.freebsd.org/

Update request: http://www.freebsd.org/cgi/query-pr.cgi?pr=189132

Regards,
Dewayne