Date: Wed, 26 Jan 2022 04:48:18 GMT From: Li-Wen Hsu <lwhsu@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: f7875319cd71 - main - security/vuxml: Add CVE-2021-41990 and CVE-2021-41991 for security/strongswan Message-ID: <202201260448.20Q4mIPs034066@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by lwhsu: URL: https://cgit.FreeBSD.org/ports/commit/?id=f7875319cd715adf4ba9c016fa937e78dd073e44 commit f7875319cd715adf4ba9c016fa937e78dd073e44 Author: Francois ten Krooden <strongswan@Nanoteq.com> AuthorDate: 2022-01-25 16:03:23 +0000 Commit: Li-Wen Hsu <lwhsu@FreeBSD.org> CommitDate: 2022-01-26 04:44:03 +0000 security/vuxml: Add CVE-2021-41990 and CVE-2021-41991 for security/strongswan PR: 259267 --- security/vuxml/vuln-2022.xml | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index 2fa7d3c2d9fe..deff98e95256 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,38 @@ + <vuln vid="58528a94-5100-4208-a04d-edc01598cf01"> + <topic>strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache</topic> + <affects> + <package> + <name>strongswan</name> + <range><lt>5.9.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Strongswan Release Notes reports:</p> + <blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.4">; + <p>Fixed a denial-of-service vulnerability in the gmp plugin that + was caused by an integer overflow when processing RSASSA-PSS + signatures with very large salt lengths. This vulnerability has + been registered as CVE-2021-41990.</p> + <p>Fixed a denial-of-service vulnerability in the in-memory + certificate cache if certificates are replaced and a very large + random value caused an integer overflow. This vulnerability has + been registered as CVE-2021-41991.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2021-41990</cvename> + <cvename>CVE-2021-41991</cvename> + <url>https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html</url>; + <url>https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html</url>; + </references> + <dates> + <discovery>2021-10-04</discovery> + <entry>2022-01-25</entry> + </dates> + </vuln> + <vuln vid="309c35f4-7c9f-11ec-a739-206a8a720317"> <topic>aide -- heap-based buffer overflow</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202201260448.20Q4mIPs034066>