Summary: | <net-misc/openswan-2.4.15 ASN.1 Parsing Remote Denial of Service (CVE-2009-2185) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | eras, mrness |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://lists.virus.org/announce-openswan-0906/msg00000.html | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2009-06-23 23:58:35 UTC
I've bumped version to 2.6.22, but branch 2.6 is currently p.masked on Gentoo due to broken L2TP (see https://gsoc.xelerance.com/view.php?id=1004). Let me know when 2.4.15 becomes available and I'll do the real security bump. (In reply to comment #1) > Let me know when 2.4.15 becomes available and I'll do the real security bump. 2.4.15 is released: http://www.openswan.org/download/openswan-2.4.15.tar.gz http://www.openswan.org/download/openswan-2.4.15.tar.gz.asc 2.4.15 is now in the tree. Arches please mark this version as stable. x86 stable amd64 stable, all arches done. Alin, please remove the vulnerable versions. Done GLSA 200909-05 |