CVE-2014-9221 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9221): strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to cause a denial of service (invalid pointer dereference) via a crafted IKEv2 Key Exchange (KE) message with Diffie-Hellman (DH) group 1025. Maintainers, may we proceed with stabilization of =net-misc/strongswan-5.2.1?
The 5.2.1 version is also broken - the report from strongswan is badly worded. (Instead of saying up to 5.2.1, it should have said up to and including 5.2.1.) Please see the Fix section of their report here: https://www.strongswan.org/blog/2015/01/05/strongswan-denial-of-service-vulnerability-%28cve-2014-9221%29.html Version 5.2.2, which I have just added to the tree, contains the fixes, so please stabilize that one instead.
x86 done.
amd64 stable
ppc stable
arm stable, all arches done.
Arches, Thank you for your work. GLSA Vote: Yes. Maintainer(s), please drop the vulnerable version(s).
Unable to do so, since net-dns/unbound is not marked stable, and is a dependency with the unbound module use flag. Do feel free to remove the old version once that has been fixed (Not sure what to do) :-)
Depends on Bug #532000 for cleanup.
Arches and Maintainer(s), Thank you for your work. GLSA Vote: No. Maintainer(s), please drop the vulnerable version(s).
It has been 30 days+ since cleanup requested. Maintainer(s), please drop the vulnerable version(s).
Removed :-)
Arches and Maintainer(s), Thank you for your work.
NO too, closing.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=82d09640143771f461b62a30d455ad98ae775aa3
commit 82d09640143771f461b62a30d455ad98ae775aa3
Author: Sam James <sam@gentoo.org>
AuthorDate: 2022-01-15 23:08:04 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2022-01-16 01:01:20 +0000
    profiles/arch/arm: drop obsolete strongswan unbound mask
    net-dns/unbound has stable keywords on ARM.
    Bug: https://bugs.gentoo.org/536226
    Signed-off-by: Sam James <sam@gentoo.org>
 profiles/arch/arm/package.use.mask | 4 ----
 1 file changed, 4 deletions(-)