* SECURITY UPDATE: authentication bypass in eap-mschapv2 plugin
  - debian/patches/CVE-2015-8023.patch: only succeed authentication if
    MSK was established in
    src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.
  - CVE-2015-8023

-- Marc Deslauriers <email address hidden> Thu, 19 Nov 2015 14:00:17 -0500

* SECURITY UPDATE: user credential disclosure to rogue servers
  - debian/patches/CVE-2015-4171.patch: enforce remote authentication
    config before proceeding with own authentication in
    src/libcharon/sa/ikev2/tasks/ike_auth.c.
  - CVE-2015-4171

-- Marc Deslauriers <email address hidden> Mon, 08 Jun 2015 12:50:38 -0400

* SECURITY UPDATE: denial of service via DH group 1025
  - debian/patches/CVE-2014-9221.patch: define MODP_CUSTOM outside of
    IKE DH range in src/libstrongswan/crypto/diffie_hellman.c,
    src/libstrongswan/crypto/diffie_hellman.h.
  - CVE-2014-9221