From c83921a2b566aa9d55d8ccc7258f04fca6292ee6 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Tue, 30 Apr 2013 17:51:33 +0200
Subject: Imported Upstream version 5.0.4

---
 NEWS | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index b95698d91..2c58ee97c 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,25 @@
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+  Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+  Before the fix, if the openssl plugin's ECDSA signature verification was used,
+  due to a misinterpretation of the error code returned by the OpenSSL
+  ECDSA_verify() function, an empty or zeroed signature was accepted as a
+  legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+  was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+  TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+  requests.
+
+- The openssl plugin can now use the openssl-fips library.
+
+
 strongswan-5.0.3
 ----------------
 
-- 
cgit v1.2.3