From b238cf34df3fe4476ae6b7012e7cb3e9769d4d51 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Mon, 8 Jun 2015 15:35:16 +0200
Subject: Imported Upstream version 5.3.2

---
 NEWS | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index b2e8cb2e6..e0cfb7e98 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,13 @@
+strongswan-5.3.2
+----------------
+
+- Fixed a vulnerability that allowed rogue servers with a valid certificate
+  accepted by the client to trick it into disclosing its username and even
+  password (if the client accepts EAP-GTC).  This was caused because constraints
+  against the responder's authentication were enforced too late.
+  This vulnerability has been registered as CVE-2015-4171.
+
+
 strongswan-5.3.1
 ----------------
 
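Review bot: The new strongswan-5.3.2 entry does not say which earlier releases are affected or which client configurations are exposed beyond the parenthetical "(if the client accepts EAP-GTC)", so a reader of NEWS cannot tell from this text whether their deployment needs the update urgently. Consider adding one sentence naming the affected version range and the authentication setups involved, and noting whether any workaround exists short of upgrading. On wording, "This was caused because constraints against the responder's authentication were enforced too late" would read more cleanly as "The cause was that constraints ... were enforced too late", and the entry ends with two blank lines where the surrounding file appears to separate entries with one.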
-- 
cgit v1.2.3