Imported Upstream version 5.0.4

author: Yves-Alexis Perez <corsac@debian.org> 2013-04-30 17:51:33 +0200
committer: Yves-Alexis Perez <corsac@debian.org> 2013-04-30 17:51:33 +0200
commit: c83921a2b566aa9d55d8ccc7258f04fca6292ee6 (patch)
tree: 44039788fc816c84d5788df847d1555413ebe55a /NEWS
parent: 10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (diff)
download: vyos-strongswan-c83921a2b566aa9d55d8ccc7258f04fca6292ee6.tar.gz
vyos-strongswan-c83921a2b566aa9d55d8ccc7258f04fca6292ee6.zip
1 files changed, 22 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index b95698d91..2c58ee97c 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,25 @@
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+  Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+  Before the fix, if the openssl plugin's ECDSA signature verification was used,
+  due to a misinterpretation of the error code returned by the OpenSSL
+  ECDSA_verify() function, an empty or zeroed signature was accepted as a
+  legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+  was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+  TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+  requests.
+
+- The openssl plugin can now use the openssl-fips library.
+
+
 strongswan-5.0.3
 ----------------
author	Yves-Alexis Perez <corsac@debian.org>	2013-04-30 17:51:33 +0200
committer	Yves-Alexis Perez <corsac@debian.org>	2013-04-30 17:51:33 +0200
commit	c83921a2b566aa9d55d8ccc7258f04fca6292ee6 (patch)
tree	44039788fc816c84d5788df847d1555413ebe55a /NEWS
parent	10e5fb2b9b2f27c83b3e5a1d048b158d5cf42a43 (diff)
download	vyos-strongswan-c83921a2b566aa9d55d8ccc7258f04fca6292ee6.tar.gz vyos-strongswan-c83921a2b566aa9d55d8ccc7258f04fca6292ee6.zip