added info about two DoS fixes

author: Andreas Steffen <andreas.steffen@strongswan.org> 2009-06-18 19:29:16 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> 2009-06-18 19:29:16 +0200
commit: 126f2130fb2bf4246e78da484b01c7e5bdd908cb (patch)
tree: e73abc5113e085357fbf3783e8615b7797530e85 /NEWS
parent: 1ea31180a0ccc04815196eda82d1fef8e6ed88cb (diff)
download: strongswan-126f2130fb2bf4246e78da484b01c7e5bdd908cb.tar.bz2
strongswan-126f2130fb2bf4246e78da484b01c7e5bdd908cb.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 493051130..d38e9fe67 100644
--- a/NEWS
+++ b/NEWS
@@ -12,6 +12,11 @@ strongswan-4.3.2
   Thanks to the openssl plugin, the ECP Diffie-Hellman groups 19, 20, 21, 25, and
   26 as well as ECDSA-256, ECDSA-384, and ECDSA-521 authentication can be used
   with IKEv1.
+
+- Applying their fuzzing tool, the Orange Labs vulnerability research team found
+  another two DoS vulnerabilities, one in the rather old ASN.1 parser of Relative
+  Distinguished Names (RDNs) and a second one in the conversion of ASN.1 UTCTIME
+  and GENERALIZEDTIME strings to a time_t value.
   
 
 strongswan-4.3.1
author	Andreas Steffen <andreas.steffen@strongswan.org>	2009-06-18 19:29:16 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	2009-06-18 19:29:16 +0200
commit	126f2130fb2bf4246e78da484b01c7e5bdd908cb (patch)
tree	e73abc5113e085357fbf3783e8615b7797530e85 /NEWS
parent	1ea31180a0ccc04815196eda82d1fef8e6ed88cb (diff)
download	strongswan-126f2130fb2bf4246e78da484b01c7e5bdd908cb.tar.bz2 strongswan-126f2130fb2bf4246e78da484b01c7e5bdd908cb.tar.xz