* [Buildroot] [PATCH] strongswan: security bump to version 5.3.4
@ 2015-11-16 19:55 Gustavo Zacarias
2015-11-16 20:15 ` Thomas Petazzoni
0 siblings, 1 reply; 2+ messages in thread
From: Gustavo Zacarias @ 2015-11-16 19:55 UTC (permalink / raw)
To: buildroot
Fixes:
CVE-2015-8023 - authentication bypass vulnerability in the eap-mschapv2
plugin that was caused by insufficient verification of the internal
state when handling EAP-MSCHAPv2 Success messages received by the
client.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
---
package/strongswan/strongswan.hash | 6 +++---
package/strongswan/strongswan.mk | 2 +-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/package/strongswan/strongswan.hash b/package/strongswan/strongswan.hash
index 5e1cf4d..4d6fd07 100644
--- a/package/strongswan/strongswan.hash
+++ b/package/strongswan/strongswan.hash
@@ -1,4 +1,4 @@
-# From http://download.strongswan.org/strongswan-5.3.3.tar.bz2.md5
-md5 5a25f3d1c31a77ef44d14a2e7b3eaad0 strongswan-5.3.3.tar.bz2
+# From http://download.strongswan.org/strongswan-5.3.4.tar.bz2.md5
+md5 655a632a515c74a99f2e9cc337ab2f33 strongswan-5.3.4.tar.bz2
# Calculated based on the hash above
-sha256 39d2e8f572a57a77dda8dd8bdaf2ee47ad3cefeb86bbb840d594aa75f00f33e2 strongswan-5.3.3.tar.bz2
+sha256 938ad1f7b612e039f1d32333f4865160be70f9fb3c207a31127d0168116459aa strongswan-5.3.4.tar.bz2
diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk
index ff4c072..b4003d3 100644
--- a/package/strongswan/strongswan.mk
+++ b/package/strongswan/strongswan.mk
@@ -4,7 +4,7 @@
#
################################################################################
-STRONGSWAN_VERSION = 5.3.3
+STRONGSWAN_VERSION = 5.3.4
STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2
STRONGSWAN_SITE = http://download.strongswan.org
STRONGSWAN_LICENSE = GPLv2+
--
2.4.10
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH] strongswan: security bump to version 5.3.4
2015-11-16 19:55 [Buildroot] [PATCH] strongswan: security bump to version 5.3.4 Gustavo Zacarias
@ 2015-11-16 20:15 ` Thomas Petazzoni
0 siblings, 0 replies; 2+ messages in thread
From: Thomas Petazzoni @ 2015-11-16 20:15 UTC (permalink / raw)
To: buildroot
Dear Gustavo Zacarias,
On Mon, 16 Nov 2015 16:55:06 -0300, Gustavo Zacarias wrote:
> Fixes:
> CVE-2015-8023 - authentication bypass vulnerability in the eap-mschapv2
> plugin that was caused by insufficient verification of the internal
> state when handling EAP-MSCHAPv2 Success messages received by the
> client.
>
> Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
> ---
> package/strongswan/strongswan.hash | 6 +++---
> package/strongswan/strongswan.mk | 2 +-
> 2 files changed, 4 insertions(+), 4 deletions(-)
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-11-16 20:15 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-16 19:55 [Buildroot] [PATCH] strongswan: security bump to version 5.3.4 Gustavo Zacarias
2015-11-16 20:15 ` Thomas Petazzoni
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox