Bug 266938 - security/strongswan: CVE-2022-40617
Summary: security/strongswan: CVE-2022-40617
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Fernando Apesteguía
URL: https://www.strongswan.org/blog/2022/...
Keywords: security
Depends on:
Blocks:
 
Reported: 2022-10-10 11:21 UTC by rob2g2
Modified: 2022-10-10 12:25 UTC (History)
4 users (show)

See Also:

Attachments
patch for vuxml (1.02 KB, patch)
2022-10-10 11:21 UTC, rob2g2 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description rob2g2 2022-10-10 11:21:02 UTC 
Created attachment 237187 [details]
patch for vuxml

please update strongswan to 5.9.8 to fix CVE-2022-40617

the according vuxml entry attached to inform users
Comment 1 commit-hook freebsd_committer freebsd_triage 2022-10-10 12:25:33 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=c1b081145ff7f719c3867702e9d83718b674505d

commit c1b081145ff7f719c3867702e9d83718b674505d
Author:     rob2g2 <rob2g2-freebsd@bitbert.com>
AuthorDate: 2022-10-10 12:16:36 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-10-10 12:21:57 +0000

    security/strongswan: Document DOS vulnerability

    ChangeLog:
    https://www.strongswan.org/blog/2022/10/03/strongswan-vulnerability-(cve-2022-40617).html

    PR:             266938
    Reported by:    rob2g2-freebsd@bitbert.com
    Security:       CVE-2022-40617

 security/vuxml/vuln-2022.xml | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)
Comment 2 Fernando Apesteguía freebsd_committer freebsd_triage 2022-10-10 12:25:47 UTC 
Committed,

Thanks!