Bug 275096 (CVE-2009-2185)

Summary:

<net-misc/strongswan-{4.2.16,4.3.2}: DoS vulnerabilities (CVE-2009-2185)

Product:

Gentoo Security

Reporter:

Tom Prince <tom.prince>

Component:

Vulnerabilities

Assignee:

Gentoo Security <security>

Status:

RESOLVED FIXED

Severity:

trivial

CC:

rbu

Priority:

High

Version:

unspecified

Hardware:

All

OS:

Linux

URL:

https://lists.strongswan.org/pipermail/announce/2009-June/000054.html

Whiteboard:

~3 [noglsa]

Package list:

Runtime testing required:

---

Attachments:

Description	Flags
ebuild for 4.3.2	none

Description Tom Prince 2009-06-22 19:35:57 UTC

This fixes a security vulnerability.

https://lists.strongswan.org/pipermail/announce/2009-June/000053.html

And fixes compilation with glibc 2.10. (Bug #272511)

Comment 1 Tom Prince 2009-06-22 19:36:41 UTC

Created attachment 195497 [details]
ebuild for 4.3.2

Comment 2 Tobias Heinlein (RETIRED) gentoo-dev

2009-06-23 12:09:39 UTC

Tom, thanks for the report. We really appreciate your help. However, it's confusing to just attach an ebuild, especially when there's no change to the one in the portage tree. Saying "just bumping it works" or a unified diff would be better.

Comment 3 Tobias Heinlein (RETIRED) gentoo-dev

2009-06-23 12:46:37 UTC

I have no idea why you attached the old 4.2.8 ebuild, but using the 4.2.15 ebuild for both 4.2.16 and 4.3.2 seems to be wise. Done that now.

Comment 4 Tobias Heinlein (RETIRED) gentoo-dev

2009-06-23 12:47:17 UTC

strongswan is ~arch only, [noglsa].

Comment 5 Robert Buchholz (RETIRED) gentoo-dev

2009-06-24 00:37:06 UTC

*** Bug 275234 has been marked as a duplicate of this bug. ***