204597 – security/strongswan: Update to 5.3.4 [CVE-2015-8023]

Bug 204597 - security/strongswan: Update to 5.3.4 [CVE-2015-8023]

Summary: security/strongswan: Update to 5.3.4 [CVE-2015-8023]

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Many People
Assignee:	Renato Botelho

URL:
Keywords:	patch, security

Depends on:
Blocks:

Reported:	2015-11-16 13:37 UTC by Francois ten Krooden
Modified:	2015-11-17 03:06 UTC (History)
CC List:	2 users (show)

See Also:

Flags:	strongswan: maintainer-feedback+ koobs: merge-quarterly+

Attachments
Update security/strongSwan 5.3.3 to 5.3.4 (5.23 KB, patch) 2015-11-16 13:37 UTC, Francois ten Krooden	no flags	Details \| Diff
Update for security/vuxml to add CVE-2015-8023 (2.08 KB, patch) 2015-11-16 13:38 UTC, Francois ten Krooden	no flags	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Francois ten Krooden 2015-11-16 13:37:52 UTC

Created attachment 163192 [details]
Update security/strongSwan 5.3.3 to 5.3.4

Update security/strongSwan 5.3.3 to 5.3.4
 - Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that was caused by insufficient verification of the internal state when handling EAP-MSCHAPv2 Success messages received by the client. This vulnerability has been registered as CVE-2015-8023.

Comment 1 Francois ten Krooden 2015-11-16 13:38:44 UTC

Created attachment 163193 [details]
Update for security/vuxml to add CVE-2015-8023

Comment 2 commit-hook freebsd_committer

2015-11-16 14:08:53 UTC

A commit references this bug:

Author: garga
Date: Mon Nov 16 14:08:26 UTC 2015
New revision: 401762
URL: https://svnweb.freebsd.org/changeset/ports/401762

Log:
  Update security/strongswan to 5.3.4

  PR:		204597
  Submitted by:	strongswan@nanoteq.com (maintainer)
  MFH:		2015Q4
  Security:	CVE 2015-8023
  Security:	https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
  Sponsored by:	Rubicon Communications (Netgate)

Changes:
  head/security/strongswan/Makefile
  head/security/strongswan/distinfo
  head/security/strongswan/files/patch-backport-04f22cdabc.diff
  head/security/strongswan/files/patch-backport-dff2d05bb9.diff

Comment 3 commit-hook freebsd_committer

2015-11-16 14:16:55 UTC

A commit references this bug:

Author: garga
Date: Mon Nov 16 14:16:39 UTC 2015
New revision: 401763
URL: https://svnweb.freebsd.org/changeset/ports/401763

Log:
  MFH: r401762

  Update security/strongswan to 5.3.4

  PR:		204597
  Submitted by:	strongswan@nanoteq.com (maintainer)
  Security:	CVE 2015-8023
  Security:	https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
  Sponsored by:	Rubicon Communications (Netgate)
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2015Q4/
  branches/2015Q4/security/strongswan/Makefile
  branches/2015Q4/security/strongswan/distinfo

Comment 4 Kubilay Kocak freebsd_committer

2015-11-16 16:50:08 UTC

Post-commit classification