svn commit: r447388 - head/security/vuxml

Mark Felder feld at FreeBSD.org
Sat Aug 5 03:37:01 UTC 2017


Author: feld
Date: Sat Aug  5 03:36:59 2017
New Revision: 447388
URL: https://svnweb.freebsd.org/changeset/ports/447388

Log:
  Fix Strongswan entries
  
  PR:		220874

Modified:
  head/security/vuxml/vuln.xml

Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml	Sat Aug  5 03:33:30 2017	(r447387)
+++ head/security/vuxml/vuln.xml	Sat Aug  5 03:36:59 2017	(r447388)
@@ -746,7 +746,7 @@ Notes:
   </vuln>
 
   <vuln vid="e6ccaf8a-6c63-11e7-9b01-2047478f2f70">
-    <topic>strongswan -- Insufficient Input Validation in gmp Plugin</topic>
+    <topic>strongswan -- multiple vulnerabilities</topic>
     <affects>
       <package>
 	<name>strongswan</name>
@@ -756,16 +756,23 @@ Notes:
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
 	<p>strongSwan security team reports:</p>
-	<blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html">
-	  <p>RSA public keys passed to the gmp plugin aren't validated sufficiently
-	     before attempting signature verification, so that invalid input might
-	     lead to a floating point exception.</p>
+	<blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-5.5.3-released.html">
+	  <ul>
+	    <li>RSA public keys passed to the gmp plugin aren't validated sufficiently
+		  before attempting signature verification, so that invalid input might
+	      lead to a floating point exception. [CVE-2017-9022]</li>
+	    <li>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
+	      parsing X.509 certificates with extensions that use such types. This
+	      could lead to infinite looping of the thread parsing a specifically crafted certificate.</li>
+	  </ul>
 	</blockquote>
       </body>
     </description>
     <references>
       <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html</url>
       <cvename>CVE-2017-9022</cvename>
+      <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url>
+      <cvename>CVE-2017-9023</cvename>
     </references>
     <dates>
       <discovery>2017-05-30</discovery>
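Review bot: The second `<li>` (the ASN.1 CHOICE item) carries no CVE tag while the first ends with `[CVE-2017-9022]`; ending it with `[CVE-2017-9023]` would let a reader map each quoted issue to its `<cvename>`. Only two unchanged lines separate this hunk from the next one, which opens on `</vuln>`, so it appears no `<modified>` date was added even though the topic, description and references all changed. A line such as `<modified>2017-08-05</modified>` after `<entry>` would let consumers of vuln.xml see that the record was revised. The `<blockquote cite>` now points at the 5.5.3 release post, while the quoted wording looks like it comes from the per-CVE advisories kept under `<references>`, so it is worth checking that the cited page actually contains this text. The `<dates>` block closes outside this hunk.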
@@ -774,31 +781,7 @@ Notes:
   </vuln>
 
   <vuln vid="c7e8e955-6c61-11e7-9b01-2047478f2f70">
-    <topic>strongswan -- Denial-of-service vulnerability in the x509 plugin</topic>
-    <affects>
-      <package>
-	<name>strongswan</name>
-	<range><le>5.5.3</le></range>
-      </package>
-    </affects>
-    <description>
-      <body xmlns="http://www.w3.org/1999/xhtml">
-	<p>strongSwan security team reports:</p>
-	<blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html">
-	  <p>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
-	     parsing X.509 certificates with extensions that use such types. This
-	     could lead to infinite looping of the thread parsing a specifically crafted certificate.</p>
-	</blockquote>
-      </body>
-    </description>
-    <references>
-      <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url>
-      <cvename>CVE-2017-9023</cvename>
-    </references>
-    <dates>
-      <discovery>2017-05-30</discovery>
-      <entry>2017-07-19</entry>
-    </dates>
+    <cancelled superseded="e6ccaf8a-6c63-11e7-9b01-2047478f2f70"/>
   </vuln>
 
   <vuln vid="dc3c66e8-6a18-11e7-93af-005056925db4">
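Review bot: Cancelling c7e8e955 drops its `<range><le>5.5.3</le></range>`, so audit coverage for CVE-2017-9023 now rests entirely on the `<affects>` range of the superseding entry e6ccaf8a, which is not visible in this diff. That range should be confirmed as correct for both CVEs. The new cite URL in the merged entry names the 5.5.3 release, which suggests 5.5.3 may be the fixed version; if so the bound should be `<lt>5.5.3</lt>` rather than `<le>5.5.3</le>`, otherwise patched installs would still be flagged. A short comment above the `<cancelled>` line naming the merged CVE would also help anyone later searching the file for CVE-2017-9023.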

