FreeBSD Bugzilla – Attachment 184526 Details for Bug 220874: security/vuxml: Fix incorrect strongSwan entries
[patch] Fix incorrect strongSwan entries
fix-incorrect-strongswan-vuln.patch (text/plain), 3.00 KB, created by Dani I. on 2017-07-20 06:06:44 UTC
>--- security/vuxml/vuln.xml.orig 2017-07-20 07:38:29.775367103 +0200 >+++ security/vuxml/vuln.xml 2017-07-20 07:49:45.952320527 +0200 
>@@ -195,52 +195,31 @@ Notes: > </vuln> > > <vuln vid="e6ccaf8a-6c63-11e7-9b01-2047478f2f70"> >- <topic>strongswan -- Insufficient Input Validation in gmp Plugin</topic> >+ <topic>strongswan -- multiple vulnerabilities</topic> > <affects> > <package> >- <name>strongswan</name> >- <range><ge>4.4.0</ge><le>5.5.2</le></range> >+ <name>strongswan</name> >+ <range><ge>4.4.0</ge><le>5.5.2</le></range> > </package> > </affects> > <description> > <body xmlns="http://www.w3.org/1999/xhtml"> >- <p>strongSwan security team reports:</p> >- <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html"> >- <p>RSA public keys passed to the gmp plugin aren't validated sufficiently >- before attempting signature verification, so that invalid input might >- lead to a floating point exception.</p> >- </blockquote> >+ <p>strongSwan security team reports:</p> >+ <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-5.5.3-released.html"> >+ <ul> >+ <li>RSA public keys passed to the gmp plugin aren't validated sufficiently >+ before attempting signature verification, so that invalid input might >+ lead to a floating point exception. [CVE-2017-9022]</li> >+ <li>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when >+ parsing X.509 certificates with extensions that use such types. 
This >+ could lead to infinite looping of the thread parsing a specifically crafted certificate.</li> >+ </ul> >+ </blockquote> > </body> > </description> > <references> > <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html</url> > <cvename>CVE-2017-9022</cvename> >- </references> >- <dates> >- <discovery>2017-05-30</discovery> >- <entry>2017-07-19</entry> >- </dates> >- </vuln> >- >- <vuln vid="c7e8e955-6c61-11e7-9b01-2047478f2f70"> >- <topic>strongswan -- Denial-of-service vulnerability in the x509 plugin</topic> >- <affects> >- <package> >- <name>strongswan</name> >- <range><le>5.5.3</le></range> >- </package> >- </affects> >- <description> >- <body xmlns="http://www.w3.org/1999/xhtml"> >- <p>strongSwan security team reports:</p> >- <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html"> >- <p>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when >- parsing X.509 certificates with extensions that use such types. This >- could lead to infinite looping of the thread parsing a specifically crafted certificate.</p> >- </blockquote> >- </body> >- </description> >- <references> > <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url> > <cvename>CVE-2017-9023</cvename> > </references>
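Review bot: Folding CVE-2017-9023 into the e6ccaf8a entry changes its affected range, in the `<affects>` block: the removed c7e8e955 entry matched `<range><le>5.5.3</le></range>` with no lower bound, while the merged entry only matches `<ge>4.4.0</ge><le>5.5.2</le>`, so strongswan before 4.4.0 and 5.5.3 itself stop being flagged for the ASN.1 CHOICE issue. If the two issues do not share the same affected versions, give the merged entry a second `<range>` instead of reusing the gmp one, and state in the bug which range the upstream advisory supports. The second `<li>` also lacks a `[CVE-2017-9023]` tag matching the `[CVE-2017-9022]` tag on the first item, and the new `cite` URL (strongswan-5.5.3-released.html) is not listed under `<references>`. The vid c7e8e955-6c61-11e7-9b01-2047478f2f70 is deleted outright; consider keeping it as a cancelled entry superseded by e6ccaf8a-6c63-11e7-9b01-2047478f2f70 so that existing references to that vid still resolve.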