From 1e980d6be0ef0e243c6fe82b5e855454b97e24a4 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Wed, 18 Nov 2015 14:49:27 +0100
Subject: Imported Upstream version 5.3.4

---
 NEWS | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 0940dff9c..4674e52e6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,17 @@
+strongswan-5.3.4
+----------------
+
+- Fixed an authentication bypass vulnerability in the eap-mschapv2 plugin that
+  was caused by insufficient verification of the internal state when handling
+  MSCHAPv2 Success messages received by the client.
+  This vulnerability has been registered as CVE-2015-8023.
+
+- The sha3 plugin implements the SHA3 Keccak-F1600 hash algorithm family.
+  Within the strongSwan framework SHA3 is currently used for BLISS signatures
+  only because the OIDs for other signature algorithms haven't been defined
+  yet. Also the use of SHA3 for IKEv2 has not been standardized yet.
+
+
 strongswan-5.3.3
 ----------------
 
@@ -37,7 +51,7 @@ strongswan-5.3.3
   since 5.0.0) and packets that have the flag set incorrectly are again ignored.
 
 - Implemented a demo Hardcopy Device IMC/IMV pair based on the "Hardcopy
-  Device Health Assessment Trusted Network Connect Binding" (HCD-TNC) 
+  Device Health Assessment Trusted Network Connect Binding" (HCD-TNC)
   document drafted by the IEEE Printer Working Group (PWG).
 
 - Fixed IF-M segmentation which failed in the presence of multiple small
-- 
cgit v1.2.3