diff options
| author | Renato Botelho <garga@FreeBSD.org> | 2015-11-16 14:06:56 +0000 |
|---|---|---|
| committer | Renato Botelho <garga@FreeBSD.org> | 2015-11-16 14:06:56 +0000 |
| commit | fb22be0918729226a5f2a6deef5218f291348bd3 (patch) | |
| tree | 784430520b8551ee3ec51964ba456231f5095799 /security | |
| parent | 52728390f8b6adee1b8526cbe29a5720c550d3e9 (diff) | |
Notes
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index c89af2020bcf..35e4139fbb4d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,35 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="3eb0ccc2-8c6a-11e5-8519-005056ac623e"> + <topic>strongswan -- authentication bypass vulnerability in the eap-mschapv2 plugin</topic> + <affects> + <package> + <name>strongswan</name> + <range><lt>5.3.4</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Strongswan Release Notes reports:</p> + <blockquote cite="https://github.com/strongswan/strongswan/blob/master/NEWS"> + <p>Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that + was caused by insufficient verification of the internal state when handling + MSCHAPv2 Success messages received by the client. + This vulnerability has been registered as CVE-2015-8023.</p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2015-8023</cvename> + <url>ihttps://github.com/strongswan/strongswan/commit/453e204ac40dfff2e0978e8f84a5f8ff0cbc45e2</url> + </references> + <dates> + <discovery>2015-11-16</discovery> + <entry>2015-11-16</entry> + </dates> + </vuln> + <vuln vid="82b3ca2a-8c07-11e5-bd18-002590263bf5"> <topic>moodle -- multiple vulnerabilities</topic> <affects> |