Date: Mon, 6 Jan 2014 15:54:13 +0200
From: Francois ten Krooden <ftk@Nanoteq.com>
To: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>, dycuo123 <dycuo123@gmail.com>, strongswan <strongswan@Nanoteq.com>
Cc: "ports@freebsd.org" <ports@freebsd.org>
Subject: RE: Request for strongSwan and Poptop (pptpd) ports update
Message-ID: <E9504166C8F77C4B8CCA70C6215A34873F3EBA1A3E@ntq-ex.nanoteq.co.za>
In-Reply-To: <52CA4B54.4050908@heuristicsystems.com.au>
References: <CAFH3Gyx5k3T=8zTb0pioODMDCYm5-ZDrxc2Y8T7dTjoHjMKzrA@mail.gmail.com>, <52CA4B54.4050908@heuristicsystems.com.au>

Hi Dewayne

Those vulnerabilities are fixed in version 5.1.1, for which the patch is already submitted but has not yet been applied. I will submit a new patch now with high availability feature removed since this is not working correctly when I performed further testing on the port.

I was still waiting for a committer to submit the changes to the ports tree.

Kind regards
Francois ten Krooden

________________________________________
From: Dewayne Geraghty [dewayne.geraghty@heuristicsystems.com.au]
Sent: Monday, January 06, 2014 8:21 AM
To: dycuo123; strongswan
Cc: ports@freebsd.org
Subject: Re: Request for strongSwan and Poptop (pptpd) ports update

On 5/01/2014 6:08 AM, dycuo123 wrote:
> Hi, there
>
> Do you guys have some time to update these two? Many thanks!
> _______________________________________________
> freebsd-ports@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ports
> To unsubscribe, send any mail to "freebsd-ports-unsubscribe@freebsd.org"
>

It's probably better if you direct your request to the maintainer of the port, ideally using http://www.freebsd.org/send-pr.html, identifying the upgrade benefits and further details to pique their interest.

For example, strongswan:
Current ports version is 5.0.4 and released version by strongswan is 5.1.1 (version 5.1.2 is scheduled for February)

Reasons for the request are:
1. Rectification of security vulnerabilities allowing Denial of Service:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6075
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6076
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5018
2. Rectification of security vulnerabilities allowing user impersonation and bypassing access restrictions
CVE-2013-6075 (above)
3. Refer to change log http://wiki.strongswan.org/projects/strongswan/wiki/Changelog51, specifically ...

But of course the first thing to do is to use http://www.freebsd.org/cgi/query-pr-summary.cgi to check if the request has already been made. And in this instance it has! Please refer to http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/183688

And given the outstanding CVEs I'd suggest that you apply the patches, if you're going to use this port; pending maintainer's availability.

Francois, I've included you, as the CVEs should push this update from a low priority/non-critical category to a medium given that it can be DOS'ed via the network without authentication. (And unfortunately IKEv1 is required for iPhone clients using IPSEC)

Regards, Dewayne.

Important Notice:
This e-mail and its contents are subject to the Nanoteq (Pty) Ltd e-mail legal notice available at: http://www.nanoteq.com/AboutUs/EmailDisclaimer.aspx