diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2013-04-30 17:51:33 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2013-04-30 17:51:33 +0200 |
| commit | 84e33a818f3067f9bbd53cd2c9a67cae0ac0a8e7 (patch) | |
| tree | e35f547c643c642dff11c6f49ebb0c93d1b77db7 /NEWS | |
| parent | 2a08dbb83236b59b65fac6a184ffec5ecd03f4e7 (diff) | |
| parent | c83921a2b566aa9d55d8ccc7258f04fca6292ee6 (diff) | |
| download | vyos-strongswan-84e33a818f3067f9bbd53cd2c9a67cae0ac0a8e7.tar.gz vyos-strongswan-84e33a818f3067f9bbd53cd2c9a67cae0ac0a8e7.zip | |
Merge tag 'upstream/5.0.4'
Upstream version 5.0.4
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 22 |
1 files changed, 22 insertions, 0 deletions
@@ -1,3 +1,25 @@ +strongswan-5.0.4 +---------------- + +- Fixed a security vulnerability in the openssl plugin which was reported by + Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944. + Before the fix, if the openssl plugin's ECDSA signature verification was used, + due to a misinterpretation of the error code returned by the OpenSSL + ECDSA_verify() function, an empty or zeroed signature was accepted as a + legitimate one. + +- The handling of a couple of other non-security relevant openssl return codes + was fixed as well. + +- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its + TCG TNC IF-MAP 2.1 interface. + +- The charon.initiator_only option causes charon to ignore IKE initiation + requests. + +- The openssl plugin can now use the openssl-fips library. + + strongswan-5.0.3 ---------------- |