Date: Wed, 19 Jul 2017 09:43:30 +0000 (UTC)
From: Olivier Cochard <olivier@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r446191 - head/security/vuxml
Message-ID: <201707190943.v6J9hURD056017@repo.freebsd.org>
Author: olivier Date: Wed Jul 19 09:43:30 2017 New Revision: 446191 URL: https://svnweb.freebsd.org/changeset/ports/446191 Log: Document vulnerability in strongswan PR: 220823 Reported by: i.dani@outlook.com Security: CVE-2017-9022 Security: CVE-2017-9023 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed Jul 19 09:14:42 2017 (r446190) +++ head/security/vuxml/vuln.xml Wed Jul 19 09:43:30 2017 (r446191) 
@@ -58,6 +58,62 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e6ccaf8a-6c63-11e7-9b01-2047478f2f70"> + <topic>strongswan -- Insufficient Input Validation in gmp Plugin</topic> + <affects> + <package> + <name>strongswan</name> + <range><ge>4.4.0</ge><le>5.5.2</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>strongSwan security team reports:</p> + <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html"> + <p>RSA public keys passed to the gmp plugin aren't validated sufficiently + before attempting signature verification, so that invalid input might + lead to a floating point exception.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html</url> + <cvename>CVE-2017-9022</cvename> + </references> + <dates> + <discovery>2017-05-30</discovery> + <entry>2017-07-19</entry> + </dates> + </vuln> + + <vuln vid="c7e8e955-6c61-11e7-9b01-2047478f2f70"> + <topic>strongswan -- Denial-of-service vulnerability in the x509 plugin</topic> + <affects> + <package> + <name>strongswan</name> + <range><le>5.5.3</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>strongSwan security team reports:</p> + <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html"> + <p>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when + parsing X.509 certificates with extensions that use such types. 
This + could lead to infinite looping of the thread parsing a specifically crafted certificate.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url> + <cvename>cve-2017-9023</cvename> + </references> + <dates> + <discovery>2017-05-30</discovery> + <entry>2017-07-19</entry> + </dates> + </vuln> + <vuln vid="dc3c66e8-6a18-11e7-93af-005056925db4"> <topic>Cacti -- Cross-site scripting (XSS) vulnerability in link.php</topic> <affects>
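Review bot: In the second new entry (the x509 plugin one), `<cvename>cve-2017-9023</cvename>` is written in lowercase, while the first entry uses `<cvename>CVE-2017-9022</cvename>` and the commit log lists `CVE-2017-9023` in uppercase; please uppercase it so that tools matching on the CVE name find this entry. Also check the version ranges against each other: the first entry uses `<ge>4.4.0</ge><le>5.5.2</le>` and the second only `<le>5.5.3</le>`, although both cite advisories published on the same date (2017-05-30). If 5.5.3 is the release that carries the fix, an `<le>5.5.3</le>` bound would keep flagging patched installations as vulnerable, and `<lt>5.5.3</lt>` would be the safer form. Please confirm the upper bound, and whether the x509 issue has a lower bound, against the linked advisory.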