From owner-freebsd-ports-bugs@freebsd.org Thu May 31 10:18:53 2018 Return-Path: Delivered-To: freebsd-ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id F027EEFD85D for ; Thu, 31 May 2018 10:18:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 885857C35A for ; Thu, 31 May 2018 10:18:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.ysv.freebsd.org (Postfix) id 4902CEFD85B; Thu, 31 May 2018 10:18:52 +0000 (UTC) Delivered-To: ports-bugs@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 37716EFD858 for ; Thu, 31 May 2018 10:18:52 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.ysv.freebsd.org (mxrelay.ysv.freebsd.org [IPv6:2001:1900:2254:206a::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.ysv.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id C89C37C355 for ; Thu, 31 May 2018 10:18:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.ysv.freebsd.org (Postfix) with ESMTPS id 263F6214E3 for ; Thu, 31 May 2018 10:18:51 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id w4VAIpdo075551 for ; Thu, 31 May 2018 10:18:51 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id w4VAIpJq075550 for ports-bugs@FreeBSD.org; Thu, 31 May 2018 10:18:51 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 228631] security/strongswan: Update to 5.6.3 (Fixes DOS Security Vulnerabilities) Date: Thu, 31 May 2018 10:18:50 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: strongswan@Nanoteq.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: ports-bugs@FreeBSD.org X-Bugzilla-Flags: maintainer-feedback+ X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter cc flagtypes.name attachments.created Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 31 May 2018 10:18:53 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D228631 Bug ID: 228631 Summary: security/strongswan: Update to 5.6.3 (Fixes DOS Security Vulnerabilities) Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: ports-bugs@FreeBSD.org Reporter: strongswan@Nanoteq.com CC: garga@FreeBSD.org Attachment #193862 maintainer-approval+ Flags: Flags: maintainer-feedback+ Created attachment 193862 --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=3D193862&action= =3Dedit strongSwan 5.6.3 Update Diff Updated to strongSwan 5.6.3 Fixes: - Denial-of-Service Vulnerability in the IKEv2 key derivation (CVE-2018-10= 811) - Denial-of-Service Vulnerability in the stroke plugin (CVE-2018-5388) - Crash on FreeBSD that was present in 5.6.2 - The kernel-pfkey plugin optionally installs routes via internal interface (one with an IP in the local traffic selector). On FreeBSD, enabling this selects the correct source IP when sending packets from the gateway itself. Note: The previous patch file that was added to fix the crash in 5.6.2 (files/patch-src_libcharon_sa_ikev2_authenticators_pubkey_authenticator.c) Is now removed from the update. --=20 You are receiving this mail because: You are the assignee for the bug.=