author | olivier <olivier@FreeBSD.org> | 2017-07-19 17:43:30 +0800 |
---|---|---|
committer | olivier <olivier@FreeBSD.org> | 2017-07-19 17:43:30 +0800 |
commit | 85d29b195ebd8f6041c1dcba64461c09f02bfde5 | |
tree | 2ee3a2c90fe77aec17de2e37cdea78012c206150 /security | |
parent | af4d616c1e9ad062a46e60b79176d7814159a0c7 | |
Document vulnerability in strongswan
PR: 220823
Reported by: i.dani@outlook.com
Security: CVE-2017-9022
Security: CVE-2017-9023
Diffstat (limited to 'security')
-rw-r--r-- | security/vuxml/vuln.xml | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 69a564b0a121..ac634b94d8c0 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml 
@@ -58,6 +58,62 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="e6ccaf8a-6c63-11e7-9b01-2047478f2f70"> + <topic>strongswan -- Insufficient Input Validation in gmp Plugin</topic> + <affects> + <package> + <name>strongswan</name> + <range><ge>4.4.0</ge><le>5.5.2</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>strongSwan security team reports:</p> + <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html"> + <p>RSA public keys passed to the gmp plugin aren't validated sufficiently + before attempting signature verification, so that invalid input might + lead to a floating point exception.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9022).html</url> + <cvename>CVE-2017-9022</cvename> + </references> + <dates> + <discovery>2017-05-30</discovery> + <entry>2017-07-19</entry> + </dates> + </vuln> + + <vuln vid="c7e8e955-6c61-11e7-9b01-2047478f2f70"> + <topic>strongswan -- Denial-of-service vulnerability in the x509 plugin</topic> + <affects> + <package> + <name>strongswan</name> + <range><le>5.5.3</le></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>strongSwan security team reports:</p> + <blockquote cite="https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html"> + <p>ASN.1 CHOICE types are not correctly handled by the ASN.1 parser when + parsing X.509 certificates with extensions that use such types. 
This + could lead to infinite looping of the thread parsing a specifically crafted certificate.</p> + </blockquote> + </body> + </description> + <references> + <url>https://www.strongswan.org/blog/2017/05/30/strongswan-vulnerability-(cve-2017-9023).html</url> + <cvename>cve-2017-9023</cvename> + </references> + <dates> + <discovery>2017-05-30</discovery> + <entry>2017-07-19</entry> + </dates> + </vuln> + <vuln vid="dc3c66e8-6a18-11e7-93af-005056925db4"> <topic>Cacti -- Cross-site scripting (XSS) vulnerability in link.php</topic> <affects> |
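Review bot: In the second entry (vid c7e8e955-6c61-11e7-9b01-2047478f2f70) the reference is written `<cvename>cve-2017-9023</cvename>` in lowercase, while the first entry and the commit message use uppercase (`CVE-2017-9022`, `CVE-2017-9023`); please change it to `<cvename>CVE-2017-9023</cvename>` so the identifier is spelled consistently. The two ranges also end differently, `<le>5.5.2</le>` in the gmp entry and `<le>5.5.3</le>` in the x509 entry, although both entries carry the same discovery date: please check each upper bound against the fixed release named in the linked advisory, and consider expressing it as `<lt>` on the first fixed version, since `<le>5.5.2</le>` does not match a port at 5.5.2 with a PORTREVISION suffix such as 5.5.2_1. The x509 entry has no `<ge>` lower bound, which is fine if every earlier version is affected, but it should be a deliberate choice.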