Date: Mon, 16 Nov 2015 14:06:56 +0000 (UTC) From: Renato Botelho <garga@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r401761 - head/security/vuxml Message-ID: <201511161406.tAGE6uFE004001@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: garga Date: Mon Nov 16 14:06:56 2015 New Revision: 401761 URL: https://svnweb.freebsd.org/changeset/ports/401761 Log: Register CVE 2015-8023 on VuXML. It affects strongswan < 5.3.4 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Mon Nov 16 14:03:49 2015 (r401760) +++ head/security/vuxml/vuln.xml Mon Nov 16 14:06:56 2015 (r401761) @@ -58,6 +58,35 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="3eb0ccc2-8c6a-11e5-8519-005056ac623e"> + <topic>strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin</topic> + <affects> + <package> + <name>strongswan</name> + <range><lt>5.3.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>Strongswan Release Notes reports:</p> + <blockquote cite="https://github.com/strongswan/strongswan/blob/master/NEWS">; + <p>Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that + was caused by insufficient verification of the internal state when handling + MSCHAPv2 Success messages received by the client. + This vulnerability has been registered as CVE-2015-8023.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-8023</cvename> + <url>ihttps://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2</url>; + </references> + <dates> + <discovery>2015-11-16</discovery> + <entry>2015-11-16</entry> + </dates> + </vuln> + <vuln vid="82b3ca2a-8c07-11e5-bd18-002590263bf5"> <topic>moodle -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201511161406.tAGE6uFE004001>