Bug 204597 - security/strongswan: Update to 5.3.4 [CVE-2015-8023]
Summary: security/strongswan: Update to 5.3.4 [CVE-2015-8023]
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Many People
Assignee: Renato Botelho
URL:
Keywords: patch, security
Depends on:
Blocks:
 
Reported: 2015-11-16 13:37 UTC by strongswan
Modified: 2015-11-17 03:06 UTC (History)
2 users (show)

See Also:
strongswan: maintainer-feedback+
koobs: merge-quarterly+


Attachments
Update security/strongSwan 5.3.3 to 5.3.4 (5.23 KB, patch)
2015-11-16 13:37 UTC, strongswan
no flags Details | Diff
Update for security/vuxml to add CVE-2015-8023 (2.08 KB, patch)
2015-11-16 13:38 UTC, strongswan
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description strongswan 2015-11-16 13:37:52 UTC
Created attachment 163192 [details]
Update security/strongSwan 5.3.3 to 5.3.4

Update security/strongSwan 5.3.3 to 5.3.4
 - Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that was caused by insufficient verification of the internal state when handling EAP-MSCHAPv2 Success messages received by the client. This vulnerability has been registered as CVE-2015-8023.
Comment 1 strongswan 2015-11-16 13:38:44 UTC
Created attachment 163193 [details]
Update for security/vuxml to add CVE-2015-8023
Comment 2 commit-hook freebsd_committer 2015-11-16 14:08:53 UTC
A commit references this bug:

Author: garga
Date: Mon Nov 16 14:08:26 UTC 2015
New revision: 401762
URL: https://svnweb.freebsd.org/changeset/ports/401762

Log:
  Update security/strongswan to 5.3.4

  PR:		204597
  Submitted by:	strongswan@nanoteq.com (maintainer)
  MFH:		2015Q4
  Security:	CVE 2015-8023
  Security:	https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
  Sponsored by:	Rubicon Communications (Netgate)

Changes:
  head/security/strongswan/Makefile
  head/security/strongswan/distinfo
  head/security/strongswan/files/patch-backport-04f22cdabc.diff
  head/security/strongswan/files/patch-backport-dff2d05bb9.diff
Comment 3 commit-hook freebsd_committer 2015-11-16 14:16:55 UTC
A commit references this bug:

Author: garga
Date: Mon Nov 16 14:16:39 UTC 2015
New revision: 401763
URL: https://svnweb.freebsd.org/changeset/ports/401763

Log:
  MFH: r401762

  Update security/strongswan to 5.3.4

  PR:		204597
  Submitted by:	strongswan@nanoteq.com (maintainer)
  Security:	CVE 2015-8023
  Security:	https://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2
  Sponsored by:	Rubicon Communications (Netgate)
  Approved by:	ports-secteam (feld)

Changes:
_U  branches/2015Q4/
  branches/2015Q4/security/strongswan/Makefile
  branches/2015Q4/security/strongswan/distinfo
Comment 4 Kubilay Kocak freebsd_committer freebsd_triage 2015-11-16 16:50:08 UTC
Post-commit classification