Re: git: 4e2c0382dd6c - main - security/strongswan: fix CVE-2023-41913

In reply to: Eugene Grosbein : "git: 4e2c0382dd6c - main - security/strongswan: fix CVE-2023-41913"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Florian Smeets <flo_at_smeets.xyz>
Date: Fri, 24 Nov 2023 12:02:21 UTC

On 24.11.23 09:06, Eugene Grosbein wrote:
> The branch main has been updated by eugen:
> 
> URL: https://cgit.FreeBSD.org/ports/commit/?id=4e2c0382dd6c024d5349318f9a18762b3814ef9a
> 
> commit 4e2c0382dd6c024d5349318f9a18762b3814ef9a
> Author:     Eugene Grosbein <eugen@FreeBSD.org>
> AuthorDate: 2023-11-24 08:03:00 +0000
> Commit:     Eugene Grosbein <eugen@FreeBSD.org>
> CommitDate: 2023-11-24 08:03:00 +0000
> 
>      security/strongswan: fix CVE-2023-41913
>      
>      This is urgent change adding official patch
>      https://download.strongswan.org/security/CVE-2023-41913/strongswan-5.9.7-5.9.11_charon_tkm_dh_len.patch
>      that is identical to the change made for strongswan-5.9.12:
>      https://github.com/strongswan/strongswan/commit/96d793718955820dfe5e6d8aa6127a34795ae39e
>      
>      It is upto port maintainer to review and maybe upgrade the port to 5.9.12
>      
>      Obtained from:  strongSwan
>      Security:       CVE-2023-41913

Hi Eugene,

did you verify whether the port is actually vulnerable? I had a look a 
couple of days ago and my impression was that we don't build charon with 
the TKM backend. I only had a quick look, so maybe I was wrong and your 
input would be much appreciated.

Thanks
Florian