Date: Mon, 08 Jun 2026 17:29:41 +0000 From: R. Christian McDonald <rcm@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: c8ffb7af8cdc - main - security/vuxml: Add entry for strongSwan CVE-2026-47895 Message-ID: <6a26fc05.32564.4024825f@gitrepo.freebsd.org>
index | next in thread | raw e-mail
The branch main has been updated by rcm: URL: https://cgit.FreeBSD.org/ports/commit/?id=c8ffb7af8cdc441c4c9a2527bbf2dc99a0925976 commit c8ffb7af8cdc441c4c9a2527bbf2dc99a0925976 Author: R. Christian McDonald <rcm@FreeBSD.org> AuthorDate: 2026-06-08 17:24:09 +0000 Commit: R. Christian McDonald <rcm@FreeBSD.org> CommitDate: 2026-06-08 17:24:09 +0000 security/vuxml: Add entry for strongSwan CVE-2026-47895 PR: 295936 Sponsored by: Rubicon Communications, LLC ("Netgate") --- security/vuxml/vuln/2026.xml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/security/vuxml/vuln/2026.xml b/security/vuxml/vuln/2026.xml index 8750665c3279..a36d0f8ad807 100644 --- a/security/vuxml/vuln/2026.xml +++ b/security/vuxml/vuln/2026.xml @@ -1,3 +1,32 @@ + <vuln vid="a207a367-6359-11f1-8c57-000af7b98cf6"> + <topic>strongSwan -- Double-free when destroying certain cloned identities that can lead to remote code execution</topic> + <affects> + <package> + <name>strongswan</name> + <range><ge>4.3.3</ge><lt>6.0.7</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>R. Elliott Childre reports:</p> + <blockquote cite="https://www.strongswan.org/blog/2026/06/08/strongswan-vulnerability-(cve-2026-47895).html">; + <p>The clone() method of the identification_t class doesn't correctly handle identities that have an empty but + non-NULL encoding. Both objects will point to the same location, resulting in a double-free once the second object + is destroyed. This can lead to a crash and could potentially be exploitable for remote code execution. Affected are + all strongSwan versions since 4.3.3.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2026-47895</cvename> + <url>https://www.cve.org/CVERecord?id=CVE-2026-47895</url>; + </references> + <dates> + <discovery>2026-06-08</discovery> + <entry>2026-06-08</entry> + </dates> + </vuln> + <vuln vid="df803002-624e-11f1-8607-8447094a420f"> <topic>Weechat -- Multiple vulnerabilities</topic> <affects>home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a26fc05.32564.4024825f>