Bug 267037 - security/strongswan: update to 5.9.8
Summary: security/strongswan: update to 5.9.8
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Fernando Apesteguía
URL: https://github.com/strongswan/strongs...
Keywords: security
Depends on:
Blocks:
 
Reported: 2022-10-14 07:22 UTC by Franco Fichtner
Modified: 2022-10-19 16:51 UTC (History)
4 users (show)

See Also:
bugzilla: maintainer-feedback? (strongswan)
fernape: merge-quarterly+


Attachments
update (1.99 KB, patch)
2022-10-14 07:22 UTC, Franco Fichtner
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Franco Fichtner 2022-10-14 07:22:26 UTC
Created attachment 237287 [details]
update

Hi,

Since vulnerability exists here is the port update including:

https://github.com/strongswan/strongswan/releases/tag/5.9.7
https://github.com/strongswan/strongswan/releases/tag/5.9.8


Cheers,
Franco
Comment 1 Fernando Apesteguía freebsd_committer freebsd_triage 2022-10-17 06:09:43 UTC
^Triage: If there is a changelog or release notes URL available for this version, please add it to the URL field.

Franco, what vulnerability are you referring to?


Thanks!
Comment 2 Franco Fichtner 2022-10-17 06:12:00 UTC
https://cgit.freebsd.org/ports/commit/?id=c1b081145ff7f719c3867702e9d83718b674505d

I found it odd that it was registered there already but no update was proposed.


Cheers,
Franco
Comment 3 commit-hook freebsd_committer freebsd_triage 2022-10-19 16:50:20 UTC
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=a28166f3b1e22d446f76d5f71f27f082b0e7e19f

commit a28166f3b1e22d446f76d5f71f27f082b0e7e19f
Author:     Franco Fichtner <franco@opnsense.org>
AuthorDate: 2022-10-17 06:06:35 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-10-19 16:45:55 +0000

    security/strongswan: update to 5.9.8

    ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.8

    Fixes CVE-2022-40617.

    PR:             267037
    Reported by:    franco@opnsense.org
    Approved by:    strongswan@Nanoteq.com (maintainer, implicit)
    MFH:            2022Q4  (security update)
    Security:       CVE-2022-40617 DoS attack vulnerability

 security/strongswan/Makefile  | 3 +--
 security/strongswan/distinfo  | 6 +++---
 security/strongswan/pkg-plist | 5 ++++-
 3 files changed, 8 insertions(+), 6 deletions(-)
Comment 4 Fernando Apesteguía freebsd_committer freebsd_triage 2022-10-19 16:50:50 UTC
Committed and merged to 2022Q4,

Thanks!
Comment 5 commit-hook freebsd_committer freebsd_triage 2022-10-19 16:51:22 UTC
A commit in branch 2022Q4 references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=de86c5fe2678752cf798a2fc3294fd13202eaae9

commit de86c5fe2678752cf798a2fc3294fd13202eaae9
Author:     Franco Fichtner <franco@opnsense.org>
AuthorDate: 2022-10-17 06:06:35 +0000
Commit:     Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2022-10-19 16:46:51 +0000

    security/strongswan: update to 5.9.8

    ChangeLog: https://github.com/strongswan/strongswan/releases/tag/5.9.8

    Fixes CVE-2022-40617.

    PR:             267037
    Reported by:    franco@opnsense.org
    Approved by:    strongswan@Nanoteq.com (maintainer, implicit)
    MFH:            2022Q4  (security update)
    Security:       CVE-2022-40617 DoS attack vulnerability

    (cherry picked from commit a28166f3b1e22d446f76d5f71f27f082b0e7e19f)

 security/strongswan/Makefile  | 3 +--
 security/strongswan/distinfo  | 6 +++---
 security/strongswan/pkg-plist | 5 ++++-
 3 files changed, 8 insertions(+), 6 deletions(-)