Bug 259267

(-)b/security/vuxml/vuln.xml (+27 lines)
Lines 76-81 Notes: Link Here
76
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
76
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
77
-->
77
-->
78
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
78
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
79
  <vuln vid="99093a04-317c-11ec-9749-00224d821998">
80
    <topic>strongswan - denial-of-service vulnerability in the gmp plugin/denial-of-service vulnerability in the in-memory certificate cache</topic>
81
    <affects>
82
      <package>
83
	<name>strongswan</name>
84
	<range><lt>5.9.4</lt></range>
85
      </package>
86
    </affects>
87
    <description>
88
      <body xmlns="http://www.w3.org/1999/xhtml">
89
	<p>Strongswan Release Notes reports:</p>
90
	<blockquote cite="https://github.com/strongswan/strongswan/releases/tag/5.9.4">
91
	  <p>Fixed a denial-of-service vulnerability in the gmp plugin that was caused by an integer overflow when processing RSASSA-PSS signatures with very large salt lengths. This vulnerability has been registered as CVE-2021-41990.</p>
92
	  <p>Fixed a denial-of-service vulnerability in the in-memory certificate cache if certificates are replaced and a very large random value caused an integer overflow. This vulnerability has been registered as CVE-2021-41991.</p>
93
	</blockquote>
94
      </body>
95
    </description>
96
    <references>
97
      <url>https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41990).html</url>
98
      <url>https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html</url>
99
    </references>
100
    <dates>
101
      <discovery>2021-10-04</discovery>
102
      <entry>2021-10-19</entry>
103
    </dates>
104
  </vuln>
105
79
  <vuln vid="62da9702-b4cc-11eb-b9c9-6cc21735f730">
106
  <vuln vid="62da9702-b4cc-11eb-b9c9-6cc21735f730">
80
    <topic>PostgreSQL server -- two security issues</topic>
107
    <topic>PostgreSQL server -- two security issues</topic>
81
    <affects>
108
    <affects>
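
Review bot: The <references> block of the new strongswan entry lists only the two blog URLs and has no <cvename> elements, although the quoted description names CVE-2021-41990 and CVE-2021-41991. Add `<cvename>CVE-2021-41990</cvename>` and `<cvename>CVE-2021-41991</cvename>` there so the entry can be matched by CVE id. The <topic> uses a single hyphen and joins two titles with a slash, while the neighbouring PostgreSQL entry uses the `name -- summary` form; something like `strongswan -- denial-of-service vulnerabilities in the gmp plugin and the in-memory certificate cache` would match it. Please also confirm the <discovery> date of 2021-10-04, since both advisory URLs carry 2021/10/18, and check the header comment's reminder about port variants, since only the `strongswan` package name is listed under <affects>.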
