svn commit: r341403 - head/security/vuxml
Bernhard Froehlich
decke at FreeBSD.org
Mon Jan 27 13:31:46 UTC 2014
Author: decke
Date: Mon Jan 27 13:31:45 2014
New Revision: 341403
URL: http://svnweb.freebsd.org/changeset/ports/341403
QAT: https://qat.redports.org/buildarchive/r341403/
Log:
- Document multiple DoS vulnerabilities in strongswan
Security: CVE-2013-5018
Security: CVE-2013-6075
Security: CVE-2013-6076
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Mon Jan 27 13:30:28 2014 (r341402)
+++ head/security/vuxml/vuln.xml Mon Jan 27 13:31:45 2014 (r341403)
@@ -51,6 +51,46 @@ Note: Please add new entries to the beg
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="efa663eb-8754-11e3-9a47-00163e1ed244">
+ <topic>strongswan -- multiple DoS vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>strongswan</name>
+ <range><lt>5.1.1</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>strongSwan Project reports:</p>
+ <blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6076%29.html">
+ <p>A DoS vulnerability triggered by crafted IKEv1 fragmentation
+ payloads was discovered in strongSwan's IKE daemon charon. All
+ versions since 5.0.2 are affected.</p>
+ </blockquote>
+ <blockquote cite="http://www.strongswan.org/blog/2013/11/01/strongswan-denial-of-service-vulnerability-%28cve-2013-6075%29.html">
+ <p>A DoS vulnerability and potential authorization bypass triggered
+ by a crafted ID_DER_ASN1_DN ID payload was discovered in strongSwan.
+ All versions since 4.3.3 are affected.</p>
+ </blockquote>
+ <blockquote cite="http://www.strongswan.org/blog/2013/08/01/strongswan-denial-of-service-vulnerability-%28cve-2013-5018%29.html">
+ <p>A DoS vulnerability in strongSwan was discovered, which is
+ triggered by XAuth usernames and EAP identities in versions
+ 5.0.3 and 5.0.4.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2013-5018</cvename>
+ <cvename>CVE-2013-6075</cvename>
+ <cvename>CVE-2013-6076-</cvename>
+ <url>http://www.strongswan.org/blog/2013/11/01/strongswan-5.1.1-released.html</url>
+ </references>
+ <dates>
+ <discovery>2013-11-01</discovery>
+ <entry>2014-01-27</entry>
+ </dates>
+ </vuln>
+
<vuln vid="d9dbe6e8-84da-11e3-98bd-080027f2d077">
<topic>varnish -- DoS vulnerability in Varnish HTTP cache</topic>
<affects>
More information about the svn-ports-all
mailing list