svn commit: r447388 - head/security/vuxml
Mark Felder
feld at FreeBSD.org
Sat Aug 5 03:37:01 UTC 2017
Author: feld
Date: Sat Aug 5 03:36:59 2017
New Revision: 447388
URL: https://svnweb.freebsd.org/changeset/ports/447388
Log:
Fix Strongswan entries
PR: 220874
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sat Aug 5 03:33:30 2017 (r447387)
+++ head/security/vuxml/vuln.xml Sat Aug 5 03:36:59 2017 (r447388)
@@ -746,7 +746,7 @@ Notes:
</vuln>
<vuln vid="e6ccaf8a-6c63-11e7-9b01-2047478f2f70">
- <topic>strongswan -- Insufficient Input Validation in gmp Plugin</topic>
+ <topic>strongswan -- multiple vulnerabilities</topic>
<affects>
<package>
<name>strongswan</name>
@@ -756,16 +756,23 @@ Notes:
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>strongSwan security team reports:</p>
- <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html">
- <p>RSA public keys passed to the gmp plugin aren't validated sufficiently
- before attempting signature verification, so that invalid input might
- lead to a floating point exception.</p>
+ <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-5.5.3-released.html">
+ <ul>
+ <li>RSA public keys passed to the gmp plugin aren't validated sufficiently
+ before attempting signature verification, so that invalid input might
+ lead to a floating point exception. [CVE-2017-9022]</li>
+ <li>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
+ parsing X.509 certificates with extensions that use such types. This
+ could lead to infinite looping of the thread parsing a specifically crafted certificate.</li>
+ </ul>
</blockquote>
</body>
</description>
<references>
<url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html</url>
<cvename>CVE-2017-9022</cvename>
+ <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url>
+ <cvename>CVE-2017-9023</cvename>
</references>
<dates>
<discovery>2017-05-30</discovery>
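Review bot: The rewritten entry gets no `<modified>` date: this hunk stops at `<discovery>` and the next hunk starts at new line 781, so the `<entry>` and `</dates>` lines at 779-780 are unchanged. Because the topic, description and references now also cover CVE-2017-9023, add `<modified>2017-08-05</modified>` after the existing `<entry>` line so that tooling and readers tracking entry changes pick up the wider scope. The second `<li>` should also end with `[CVE-2017-9023]` to match the `[CVE-2017-9022]` tag on the first item.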
@@ -774,31 +781,7 @@ Notes:
</vuln>
<vuln vid="c7e8e955-6c61-11e7-9b01-2047478f2f70">
- <topic>strongswan -- Denial-of-service vulnerability in the x509 plugin</topic>
- <affects>
- <package>
- <name>strongswan</name>
- <range><le>5.5.3</le></range>
- </package>
- </affects>
- <description>
- <body xmlns="http://www.w3.org/1999/xhtml">
- <p>strongSwan security team reports:</p>
- <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html">
- <p>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when
- parsing X.509 certificates with extensions that use such types. This
- could lead to infinite looping of the thread parsing a specifically crafted certificate.</p>
- </blockquote>
- </body>
- </description>
- <references>
- <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url>
- <cvename>CVE-2017-9023</cvename>
- </references>
- <dates>
- <discovery>2017-05-30</discovery>
- <entry>2017-07-19</entry>
- </dates>
+ <cancelled superseded="e6ccaf8a-6c63-11e7-9b01-2047478f2f70"/>
</vuln>
<vuln vid="dc3c66e8-6a18-11e7-93af-005056925db4">
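Review bot: With c7e8e955 cancelled, the only affected-version range visible in this diff for CVE-2017-9023 (`<range><le>5.5.3</le></range>`) is gone, and the surviving entry's `<range>` lies between the first two hunks where it cannot be checked. Confirm that this range covers every release affected by both CVEs. The new blockquote cites the 5.5.3 release announcement, which suggests (not shown here) that 5.5.3 is the fixed version and `<lt>5.5.3</lt>` the intended bound. A short comment above the cancelled element, e.g. `<!-- CVE-2017-9023 merged into the e6ccaf8a entry -->`, would keep the history readable in the file.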