diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2018-10-01 22:30:37 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2018-10-01 22:30:37 +0200 |
| commit | db444b349d9e135dc54b3d07fa845ef952183f0b (patch) | |
| tree | 99919e7598ae185c45d9b26fac5fd6826e4eae6d /NEWS | |
| parent | 1235601b34833b5af07c380767ff36275705bd7c (diff) | |
| parent | 3001f2ed68bf2e519b197a0a33e9976177c002ae (diff) | |
| download | vyos-strongswan-db444b349d9e135dc54b3d07fa845ef952183f0b.tar.gz vyos-strongswan-db444b349d9e135dc54b3d07fa845ef952183f0b.zip | |
Update upstream source from tag 'upstream/5.7.1'
Update to upstream version '5.7.1'
with Debian dir 72f82c6dc54a03e0a4ef30d019024a741edf8eb4
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,13 @@ +strongswan-5.7.1 +---------------- + +- Fixes a vulnerability in the gmp plugin triggered by crafted certificates with + RSA keys with very small moduli. When verifying signatures with such keys, + the code patched with the fix for CVE-2018-16151/2 caused an integer underflow + and subsequent heap buffer overflow that results in a crash of the daemon. + The vulnerability has been registered as CVE-2018-17540. + + strongswan-5.7.0 ---------------- |