Sat May 25 00:28:12 PDT 2013

author: root <root@rshg054.dnsready.net> 2013-05-25 00:28:13 -0700
committer: root <root@rshg054.dnsready.net> 2013-05-25 00:28:13 -0700
commit: 2333a0e547f378ad697f35312d6ba6d3fbafb2c8 (patch)
tree: cb9c92701c40feb373936bffe4190081f8253170 /pcr/strongswan/CHANGELOG
parent: 0520c5091743d9910278e53fa32470b096825fb3 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
new file mode 100644
index 000000000..a798a08c4
--- /dev/null
+++ b/pcr/strongswan/CHANGELOG
@@ -0,0 +1,20 @@
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+  Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+  Before the fix, if the openssl plugin's ECDSA signature verification was used,
+  due to a misinterpretation of the error code returned by the OpenSSL
+  ECDSA_verify() function, an empty or zeroed signature was accepted as a
+  legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+  was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+  TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+  requests.
+
+- The openssl plugin can now use the openssl-fips library.
author	root <root@rshg054.dnsready.net>	2013-05-25 00:28:13 -0700
committer	root <root@rshg054.dnsready.net>	2013-05-25 00:28:13 -0700
commit	2333a0e547f378ad697f35312d6ba6d3fbafb2c8 (patch)
tree	cb9c92701c40feb373936bffe4190081f8253170 /pcr/strongswan/CHANGELOG
parent	0520c5091743d9910278e53fa32470b096825fb3 (diff)