author | Yves-Alexis Perez <corsac@debian.org> | 2015-06-08 15:35:16 +0200 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2015-06-08 15:35:16 +0200 |
commit | 9a189fe1f78ae3e134e6360a91524cbc57d3cf94 (patch) | |
tree | 12bcf7b40140b70c80e1fa7067efb30b34a317b6 /NEWS | |
parent | a7311b2447272f7431ced71d4dfcddea0e1d22fe (diff) | |
parent | b238cf34df3fe4476ae6b7012e7cb3e9769d4d51 (diff) | |
download | vyos-strongswan-9a189fe1f78ae3e134e6360a91524cbc57d3cf94.tar.gz vyos-strongswan-9a189fe1f78ae3e134e6360a91524cbc57d3cf94.zip |
Merge tag 'upstream/5.3.2'
Upstream version 5.3.2
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 10 |
1 files changed, 10 insertions, 0 deletions
@@ -1,3 +1,13 @@ +strongswan-5.3.2 +---------------- + +- Fixed a vulnerability that allowed rogue servers with a valid certificate + accepted by the client to trick it into disclosing its username and even + password (if the client accepts EAP-GTC). This was caused because constraints + against the responder's authentication were enforced too late. + This vulnerability has been registered as CVE-2015-4171. + + strongswan-5.3.1 ---------------- |
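Review bot: The new strongswan-5.3.2 entry names the cause ("constraints against the responder's authentication were enforced too late") but gives no affected version range and no interim mitigation, so a reader of NEWS cannot tell whether a given client deployment is exposed or what to do before upgrading. Suggest stating the first affected release and, since the entry ties password disclosure to the client accepting EAP-GTC, which client configurations are exposed to the username disclosure alone and which to both. Minor wording point in the same paragraph: "This was caused because constraints ..." would read better as "The cause was that constraints ...".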