NEWS: Add info about CVE-2013-5018

author: Tobias Brunner <tobias@strongswan.org> 2013-07-31 15:28:15 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2013-07-31 22:16:58 +0200
commit: 3a938a6f854a414df1a6dd9d8ef5761300b4623e (patch)
tree: 262984eee844c9cedcff11db3337495db2c01a26
parent: d12fc14616bd6516ba705a5bfbdef9ce2bc5bf5a (diff)
download: strongswan-3a938a6f854a414df1a6dd9d8ef5761300b4623e.tar.bz2
strongswan-3a938a6f854a414df1a6dd9d8ef5761300b4623e.tar.xz
1 files changed, 6 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 664e830bc..fb0b4a2c8 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
 strongswan-5.1.0
 ----------------
 
+- Fixed a denial-of-service vulnerability triggered by specific XAuth usernames
+  and EAP identities (since 5.0.3), and PEM files (since 4.1.11).  The crash
+  was caused by insufficient error handling in the is_asn1() function.
+  The vulnerability has been registered as CVE-2013-5018.
+
 - The new charon-cmd command line IKE client can establish road warrior
   connections using IKEv1 or IKEv2 with different authentication profiles.
   It does not depend on any configuration files and can be configured using a
@@ -36,7 +41,7 @@ strongswan-5.1.0
 
 - IKEv2 can now negotiate transport mode and IPComp in NAT situations.
 
-- IKEv2 exchange initiators now properly closes an established IKE or CHILD_SA
+- IKEv2 exchange initiators now properly close an established IKE or CHILD_SA
   on error conditions using an additional exchange, keeping state in sync
   between peers.
author	Tobias Brunner <tobias@strongswan.org>	2013-07-31 15:28:15 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2013-07-31 22:16:58 +0200
commit	3a938a6f854a414df1a6dd9d8ef5761300b4623e (patch)
tree	262984eee844c9cedcff11db3337495db2c01a26
parent	d12fc14616bd6516ba705a5bfbdef9ce2bc5bf5a (diff)
download	strongswan-3a938a6f854a414df1a6dd9d8ef5761300b4623e.tar.bz2 strongswan-3a938a6f854a414df1a6dd9d8ef5761300b4623e.tar.xz