From fc556ec2bc92a9d476c11406fad2c33db8bf7cb0 Mon Sep 17 00:00:00 2001
From: Yves-Alexis Perez <corsac@debian.org>
Date: Mon, 1 Jun 2015 14:46:30 +0200
Subject: Imported Upstream version 5.3.1

---
 NEWS | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 81a7fc5fc..b2e8cb2e6 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,19 @@
+strongswan-5.3.1
+----------------
+
+- Fixed a denial-of-service and potential remote code execution vulnerability
+  triggered by IKEv1/IKEv2 messages that contain payloads for the respective
+  other IKE version. Such payload are treated specially since 5.2.2 but because
+  they were still identified by their original payload type they were used as
+  such in some places causing invalid function pointer dereferences.
+  The vulnerability has been registered as CVE-2015-3991.
+
+- The new aesni plugin provides CBC, CTR, XCBC, CMAC, CCM and GCM crypto
+  primitives for AES-128/192/256. The plugin requires AES-NI and PCLMULQDQ
+  instructions and works on both x86 and x64 architectures. It provides
+  superior crypto performance in userland without any external libraries.
+
+
 strongswan-5.3.0
 ----------------
 
-- 
cgit v1.2.3