summaryrefslogtreecommitdiff
path: root/pcr/strongswan/CHANGELOG
diff options
context:
space:
mode:
Diffstat (limited to 'pcr/strongswan/CHANGELOG')
-rw-r--r--pcr/strongswan/CHANGELOG20
1 files changed, 20 insertions, 0 deletions
diff --git a/pcr/strongswan/CHANGELOG b/pcr/strongswan/CHANGELOG
new file mode 100644
index 000000000..a798a08c4
--- /dev/null
+++ b/pcr/strongswan/CHANGELOG
@@ -0,0 +1,20 @@
+strongswan-5.0.4
+----------------
+
+- Fixed a security vulnerability in the openssl plugin which was reported by
+ Kevin Wojtysiak. The vulnerability has been registered as CVE-2013-2944.
+ Before the fix, if the openssl plugin's ECDSA signature verification was used,
+ due to a misinterpretation of the error code returned by the OpenSSL
+ ECDSA_verify() function, an empty or zeroed signature was accepted as a
+ legitimate one.
+
+- The handling of a couple of other non-security relevant openssl return codes
+ was fixed as well.
+
+- The tnc_ifmap plugin now publishes virtual IPv4 and IPv6 addresses via its
+ TCG TNC IF-MAP 2.1 interface.
+
+- The charon.initiator_only option causes charon to ignore IKE initiation
+ requests.
+
+- The openssl plugin can now use the openssl-fips library.
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-11-24 10:13:19 +0000