ports/189132: security/strongswan Update request to 5.1.3 (CVE 2014-2338)
Dewayne
dewayne at heuristicsystems.com.au
Wed Apr 30 08:50:02 UTC 2014
>Number: 189132
>Category: ports
>Synopsis: security/strongswan Update request to 5.1.3 (CVE 2014-2338)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 30 08:50:02 UTC 2014
>Closed-Date:
>Last-Modified:
>Originator: Dewayne
>Release: FreeBSD 9.2Stable
>Organization:
>Environment:
FreeBSD 9.2-STABLE FreeBSD 9.2-STABLE #0: Thu Apr 24 22:50:37 EST 2014 root@:/usr/obj/prod/usr/src/sys/hqdev-amd64-padlock-smp-vga amd64
>Description:
Strongswan has quite a few useful changes from 5.1.1 to 5.1.3, please refer:
http://wiki.strongswan.org/projects/strongswan/wiki/Changelog51
strongswan 5.1.3 was released 14th April 2014 and addresses CVE 2014-2338, unfortunately portaudit as of Wed Apr 30 08:31:59 UTC 2014 did not include this vulnerability.
Details of CVE at:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-2338
After changing only the Makefile's to
PORTVERSION= 5.1.3
I've tested 5.1.3 compilation on a 9.2Stable system (using gcc & pkg_*). Compiles and builds a package cleanly but I haven't tested its function yet.
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list