diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2015-06-08 15:35:16 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2015-06-08 15:35:16 +0200 |
| commit | b238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (patch) | |
| tree | f17b69b2ade74cd41aaee818e50657465602522d /NEWS | |
| parent | fc556ec2bc92a9d476c11406fad2c33db8bf7cb0 (diff) | |
| download | vyos-strongswan-b238cf34df3fe4476ae6b7012e7cb3e9769d4d51.tar.gz vyos-strongswan-b238cf34df3fe4476ae6b7012e7cb3e9769d4d51.zip | |
Imported Upstream version 5.3.2
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,13 @@ +strongswan-5.3.2 +---------------- + +- Fixed a vulnerability that allowed rogue servers with a valid certificate + accepted by the client to trick it into disclosing its username and even + password (if the client accepts EAP-GTC). This was caused because constraints + against the responder's authentication were enforced too late. + This vulnerability has been registered as CVE-2015-4171. + + strongswan-5.3.1 ---------------- |