Date: Wed, 26 Jan 2022 19:10:00 GMT From: Dries Michiels <driesm@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 1664a80ef8d3 - main - security/vuxml: Document security/strongswan CVE-2021-45079 Message-ID: <202201261910.20QJA0jw087517@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by driesm: URL: https://cgit.FreeBSD.org/ports/commit/?id=1664a80ef8d30a2b39166f9f2bb8ad1e82661962 commit 1664a80ef8d30a2b39166f9f2bb8ad1e82661962 Author: Francois ten Krooden <strongswan@Nanoteq.com> AuthorDate: 2022-01-26 18:13:24 +0000 Commit: Dries Michiels <driesm@FreeBSD.org> CommitDate: 2022-01-26 18:54:49 +0000 security/vuxml: Document security/strongswan CVE-2021-45079 PR: 261462 --- security/vuxml/vuln-2022.xml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index deff98e95256..f0f0d7dd6ca9 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,34 @@ + <vuln vid="ccaea96b-7dcd-11ec-93df-00224d821998"> + <topic>strongswan - Incorrect Handling of Early EAP-Success Messages</topic> + <affects> + <package> + <name>strongswan</name> + <range><lt>5.9.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Strongswan Release Notes reports:</p> + <blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.5">; + <p>Fixed a vulnerability in the EAP client implementation + that was caused by incorrectly handling early EAP-Success + messages. It may allow to bypass the client and in some + scenarios even the server authentication, or could lead to + a denial-of-service attack. This vulnerability has been + registered as CVE-2021-45079.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-45079</cvename> + <url>https://www.strongswan.org/blog/2022/01/24/strongswan-vulnerability-(cve-2021-45079).html</url>; + </references> + <dates> + <discovery>2021-12-16</discovery> + <entry>2022-01-25</entry> + </dates> + </vuln> + <vuln vid="58528a94-5100-4208-a04d-edc01598cf01"> <topic>strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202201261910.20QJA0jw087517>