Bug 220183
| Summary: | [MAINTAINER] security/openvpn-devel: Update to 201724 snapshot | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Eric F Crist <ecrist> | ||||||
| Component: | Individual Port(s) | Assignee: | Josh Paetzel <jpaetzel> | ||||||
| Status: | Closed FIXED | ||||||||
| Severity: | Affects Only Me | CC: | jpaetzel | ||||||
| Priority: | --- | ||||||||
| Version: | Latest | ||||||||
| Hardware: | Any | ||||||||
| OS: | Any | ||||||||
| Attachments: |
|
||||||||
I'm going to post a new diff in a bit. There's apparently some new code that fixes security vulnerabilities that isn't in the tarball used here. Created attachment 183675 [details]
update to 201725, which includes fixes for 4 CVEs.
New patch, includes update to 201725, which includes important security updates to OpenVPN:
CVE-2017-7508: mssfix.c remotely-triggerable ASSERT() on malformed IPv6 packet
CVE-2017-7520: ntlm.c NTLM data leak
CVE-2017-7521: issues in extract_x509_extension() leading to server memory drain/crash/double-free
CVE-2017-7522: mbedTLS/PolarSSL with --x509-track remote crash for certificate containing NULL values in subject name
A commit references this bug: Author: jpaetzel Date: Wed Jun 21 19:19:26 UTC 2017 New revision: 444072 URL: https://svnweb.freebsd.org/changeset/ports/444072 Log: Update to latest version PR: 220183 Submitted by: ecrist@secure-computing.net Changes: head/security/openvpn-devel/Makefile head/security/openvpn-devel/distinfo A commit references this bug: Author: jpaetzel Date: Fri Jun 23 16:38:50 UTC 2017 New revision: 444183 URL: https://svnweb.freebsd.org/changeset/ports/444183 Log: MFH: r444072 Update to latest version PR: 220183 Submitted by: ecrist@secure-computing.net Approved by: ports-secteam (delphij) Changes: _U branches/2017Q2/ branches/2017Q2/security/openvpn-devel/Makefile branches/2017Q2/security/openvpn-devel/distinfo |
Created attachment 183672 [details] svn diff Update port to 201724 source code snapshot.