Summary: | <net-vpn/strongswan-5.9.4: integer overflow (CVE-2021-41991) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | kernlpanic, maintainer-needed, proxy-maint, rndxelement |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html | ||
See Also: | https://github.com/gentoo/gentoo/pull/23573 | ||
Whiteboard: | B2 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 830060 | ||
Bug Blocks: |
Description
John Helmert III
2021-10-18 19:46:47 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7b2be9c86d3a38312e787a30291c46e30b2da3bb commit 7b2be9c86d3a38312e787a30291c46e30b2da3bb Author: Philipp Rösner <rndxelement@protonmail.com> AuthorDate: 2021-12-29 22:46:06 +0000 Commit: Florian Schmaus <flow@gentoo.org> CommitDate: 2022-01-02 14:15:30 +0000 net-vpn/strongswan: bump to 5.9.4 Added an ebuild for strongswan-5.9.4 with support for EAPI 8. Bug: https://bugs.gentoo.org/818841 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Philipp Roesner <rndxelement@protonmail.com> Signed-off-by: Florian Schmaus <flow@gentoo.org> net-vpn/strongswan/Manifest | 1 + net-vpn/strongswan/strongswan-5.9.4.ebuild | 308 +++++++++++++++++++++++++++++ 2 files changed, 309 insertions(+) I'm sorry I missed this, but thank you for the bump! Please cleanup remaining vulnerable ebuilds. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7387260e58f7f39705fa2c03024201eee834e8e9 commit 7387260e58f7f39705fa2c03024201eee834e8e9 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-01-06 17:43:24 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-01-06 17:43:34 +0000 net-vpn/strongswan: drop 5.9.6-r1, 5.9.7 Bug: https://bugs.gentoo.org/818841 Bug: https://bugs.gentoo.org/832460 Bug: https://bugs.gentoo.org/878887 Signed-off-by: John Helmert III <ajak@gentoo.org> net-vpn/strongswan/Manifest | 2 - .../files/strongswan-5.9.6-werror-security.patch | 20 -- net-vpn/strongswan/strongswan-5.9.6-r1.ebuild | 322 --------------------- net-vpn/strongswan/strongswan-5.9.7.ebuild | 318 -------------------- 4 files changed, 662 deletions(-) The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=5c311dfaab4c0172a4524ae5860106bcac33a694 commit 5c311dfaab4c0172a4524ae5860106bcac33a694 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-04 09:05:41 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-04 09:06:06 +0000 [ GLSA 202405-08 ] strongSwan: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/818841 Bug: https://bugs.gentoo.org/832460 Bug: https://bugs.gentoo.org/878887 Bug: https://bugs.gentoo.org/899964 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-08.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) |