On 05/01/14 06:08, Dewayne Geraghty wrote:
> We updated strongswan yesterday and noticed in their changelog the
> resolution of CVE-2014-2338 in strongswan 5.1.3 which was released on
> 14th April '14.  Secunia advises that this has a "moderately critical"
> rating.
> 
> I've examined the references below and other web searching, but haven't
> been able to find a way to "notify" the portaudit mechanism of a port
> vulnerability.

Portaudit data derives from vuxml -- your best bet here is to prod the
port's maintainer preferably by means of a PR.  Make it clear this is a
security fix.  The maintainer should supply a patch to vuln.xml as part
of the update to 5.1.3, or else the committer should add one.

Alternatively, and if you don't get a timely response from the
maintainer, bring up the issue on the freebsd-ports@.... mailing list,
which you've done.

        Cheers,

        Matthew

