diff options
author | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-07-12 22:53:11 -0300 |
---|---|---|
committer | Nicolás Reynolds <fauno@endefensadelsl.org> | 2013-07-12 22:53:11 -0300 |
commit | e14736ca7ac051726b587d8fdb8368be502a9109 (patch) | |
tree | 6a40b3b2de9bf45e8f31ba5fd45ee8f2615bd4ae /pcr/strongswan/CHANGELOG | |
parent | e6e169990bdfc35fb6151f148510bf3f0da1dc1e (diff) | |
parent | 360a407f262ac47087ff29718465fbfc7765cb73 (diff) |
Merge branch 'master' of ssh://gparabola/srv/git/abslibre
Diffstat (limited to 'pcr/strongswan/CHANGELOG')
-rw-r--r-- | pcr/strongswan/CHANGELOG | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG new file mode 100644 index 000000000..a798a08c4 --- /dev/null +++ b/pcr/strongswan/CHANGELOG @@ -0,0 +1,20 @@ +strongswan-5.0.4 +---------------- + +- Fixed a security vulnerability in the openssl plugin which was reported by + Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944. + Before the fix, if the openssl plugin's ECDSA signature verification was used, + due to a misinterpretation of the error code returned by the OpenSSL + ECDSA_verify() function, an empty or zeroed signature was accepted as a + legitimate one. + +- The handling of a couple of other non-security relevant openssl return codes + was fixed as well. + +- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its + TCG TNC IF-MAP 2.1 interface. + +- The charon.initiator_only option causes charon to ignore IKE initiation + requests. + +- The openssl plugin can now use the openssl-fips library. |