Updating portaudit - strongswan (5.1.1) CVE
Matthew Seaman
m.seaman at infracaninophile.co.uk
Thu May 1 08:33:44 UTC 2014
On 05/01/14 06:08, Dewayne Geraghty wrote:
> We updated strongswan yesterday and noticed in their changelog the
> resolution of CVE2014-2338 in strongswan 5.1.3 which was released on
> 14th April '14. Secunia advises that this has a "moderately critical"
> rating.
>
> I've examined the references below and other web searching, but haven't
> been able to find a way to "notify" the portaudit mechanism of a port
> vulnerability.
Portaudit data derives from vuxml -- your best bet here is to prod the
port's maintainer preferably by means of a PR. Make it clear this is a
security fix. The maintainer should supply a patch to vuln.xml as part
of the update to 5.1.3, or else the committer should add one.
Alternatively, and if you don't get a timely response from the
maintainer, bring up the issue on the freebsd-ports at .... mailing list,
which you've done.
Cheers,
Matthew
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1029 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20140501/f7f1a336/attachment.sig>
More information about the freebsd-ports
mailing list