Updating portaudit - strongswan (5.1.1) CVE

Matthew Seaman m.seaman at infracaninophile.co.uk
Thu May 1 08:33:44 UTC 2014

On 05/01/14 06:08, Dewayne Geraghty wrote:
> We updated strongswan yesterday and noticed in their changelog the
> resolution of CVE2014-2338 in strongswan 5.1.3 which was  released on
> 14th April '14.  Secunia advises that this has a "moderately critical"
> rating.
> I've examined the references below and other web searching, but haven't
> been able to find a way to "notify" the portaudit mechanism of a port
> vulnerability.

Portaudit data derives from vuxml -- your best bet here is to prod the
port's maintainer preferably by means of a PR.  Make it clear this is a
security fix.  The maintainer should supply a patch to vuln.xml as part
of the update to 5.1.3, or else the committer should add one.

Alternatively, and if you don't get a timely response from the
maintainer, bring up the issue on the freebsd-ports at .... mailing list,
which you've done.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1029 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20140501/f7f1a336/attachment.sig>

More information about the freebsd-ports mailing list