Date: Thu, 01 May 2014 15:08:39 +1000 From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au> To: "ports@FreeBSD.org" <ports@FreeBSD.org> Cc: security-officer@FreeBSD.org Subject: Updating portaudit - strongswan (5.1.1) CVE Message-ID: <5361D6D7.8010103@heuristicsystems.com.au>
next in thread | raw e-mail | index | archive | help
We updated strongswan yesterday and noticed in their changelog the resolution of CVE2014-2338 in strongswan 5.1.3 which was released on 14th April '14. Secunia advises that this has a "moderately critical" rating. I've examined the references below and other web searching, but haven't been able to find a way to "notify" the portaudit mechanism of a port vulnerability. Would it be possible to mention how a port vulnerability can be raised for review/entry into the portaudit database? Ideally at one or more of the references below. It may be as simple as a new category at http://www.freebsd.org/send-pr.html. Refs: http://www.freebsd.org/security/#sec http://www.freebsd.org/security/reporting.html http://www.freebsd.org/doc/handbook/security-portaudit.html http://portaudit.freebsd.org/ Update request: http://www.freebsd.org/cgi/query-pr.cgi?pr=189132 Regards, Dewayne
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5361D6D7.8010103>