Date: Mon, 06 Jan 2014 17:21:08 +1100
From: Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
To: dycuo123 <dycuo123@gmail.com>, strongswan@Nanoteq.com
Cc: ports@freebsd.org
Subject: Re: Request for strongSwan and Poptop (pptpd) ports update
Message-ID: <52CA4B54.4050908@heuristicsystems.com.au>
In-Reply-To: <CAFH3Gyx5k3T=8zTb0pioODMDCYm5-ZDrxc2Y8T7dTjoHjMKzrA@mail.gmail.com>
References: <CAFH3Gyx5k3T=8zTb0pioODMDCYm5-ZDrxc2Y8T7dTjoHjMKzrA@mail.gmail.com>

On 5/01/2014 6:08 AM, dycuo123 wrote:
> Hi, there
>
> Do you guys have some time to update these two? Many thanks!
>

It's probably better if you direct your request to the maintainer of the
port, ideally using http://www.freebsd.org/send-pr.html, identifying the
upgrade benefits and further details to pique their interest.

For example, strongswan:
Current ports version is 5.0.4 and released version by strongswan is
5.1.1 (version 5.1.2 is scheduled for February)

Reasons for the request are:
1. Rectification of security vulnerabilities allowing Denial of Service:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6075
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6076
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5018
2. Rectification of security vulnerabilities allowing user impersonation
and bypassing access restrictions
CVE-2013-6075 (above)
3. Refer to change log
http://wiki.strongswan.org/projects/strongswan/wiki/Changelog51,
specifically ...

But of course the first thing to do is to use
http://www.freebsd.org/cgi/query-pr-summary.cgi to check if the request
has already been made. And in this instance it has! Please refer to
http://www.freebsd.org/cgi/query-pr.cgi?pr=ports/183688

And given the outstanding CVEs I'd suggest that you apply the patches,
if you're going to use this port; pending maintainer's availability.

Francois, I've included you, as the CVEs should push this update from a
low priority/non-critical category to a medium given that it can be
DOS'ed via the network without authentication. (And unfortunately IKEv1
is required for iPhone clients using IPSEC)

Regards, Dewayne.