[Buildroot] [PATCH 1/1] package/strongswan: security bump to version 5.9.4
Peter Korsgaard
peter at korsgaard.com
Wed Oct 27 10:22:08 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> - Fixed a denial-of-service vulnerability in the gmp plugin that was
> caused by an integer overflow when processing RSASSA-PSS signatures
> with very large salt lengths. This vulnerability has been registered
> as CVE-2021-41990.
> - Fixed a denial-of-service vulnerability in the in-memory certificate
> cache if certificates are replaced and a very large random value
> caused an integer overflow. This vulnerability has been registered as
> CVE-2021-41991.
> https://www.strongswan.org/blog/2021/10/18/strongswan-vulnerability-(cve-2021-41991).html
> https://github.com/strongswan/strongswan/blob/5.9.4/NEWS
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2021.02.x and 2021.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list