Help!

Accepted strongswan 2.8.0+dfsg-1+etch2 (source i386)

  
  
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Changes RSS
Next:  Accepted postgresql-8.3 8.3.8-0lenny1 (source all..  
Author Message
Rene Mayrhofer
External


Since: Jan 18, 2005
Posts: 37
PostPosted: Sun Oct 04, 2009 11:10 pm    Post subject: Accepted strongswan 2.8.0+dfsg-1+etch2 (source i386)
Archived from groups: linux>debian>changes (more info?)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 22 Jul 2009 12:04:11 +0200
Source: strongswan
Binary: strongswan
Architecture: source i386
Version: 2.8.0+dfsg-1+etch2
Distribution: oldstable-security
Urgency: low
Maintainer: Rene Mayrhofer <rmayr RemoveThis @debian.org>
Changed-By: Rene Mayrhofer <rmayr RemoveThis @debian.org>
Description:
strongswan - IPSec utilities for strongSwan
Changes:
strongswan (2.8.0+dfsg-1+etch2) oldstable-security; urgency=low
.
Applied ASN.1 security fixes from strongswan upstream:
* strongswan-2.x.x_asn1_length.patch: The RDN parser vulnerability
discovered by Orange Labs research team was not completely fixed
in version 2.8.10. Some more modifications had to be applied to the
asn1_length() function.
* strongswan-2.x.x_asn1_rdn.patch: Applying their fuzzing tool, the
Orange Labs vulnerability research team found a Denial-of-Service
vulnerability in the parsing of ASN.1 Relative Distinguished Names
(RDNs). Malformed X.509 certificate RDNs can cause the pluto IKE daemon
to crash and restart.
* strongswan-2.x.x_asn1_time.patch: Applying their fuzzing tool, the
Orange Labs vulnerability research team found a Denial-of-Service
vulnerability in the parsing of ASN.1 UTCTIME and GENERALIZEDTIME strings.
Malformed X.509 certificate time strings can cause the pluto IKE daemon
to crash and restart.
Files:
6787c4f1c81bc390d2d4c5ef7cd1f004 811 net optional strongswan_2.8.0+dfsg-1+etch2.dsc
945cc03b76743138f14b9719a204fedb 58570 net optional strongswan_2.8.0+dfsg-1+etch2.diff.gz
3859569cbea184e01cb17158458a86e0 1054160 net optional strongswan_2.8.0+dfsg-1+etch2_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqS9ioACgkQq7SPDcPCS95sbwCgmJzi7dcPRY6RsuP8jpGv0I5i
kBsAnRhn09PVNldI0TyKP2RnI3d4chcu
=b5yQ
-----END PGP SIGNATURE-----


Accepted:
strongswan_2.8.0+dfsg-1+etch2.diff.gz
to pool/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.diff.gz
strongswan_2.8.0+dfsg-1+etch2.dsc
to pool/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2.dsc
strongswan_2.8.0+dfsg-1+etch2_i386.deb
to pool/main/s/strongswan/strongswan_2.8.0+dfsg-1+etch2_i386.deb


--
To UNSUBSCRIBE, email to debian-changes-REQUEST RemoveThis @lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster RemoveThis @lists.debian.org
Back to top
Display posts from previous:   
Post new topic   General Reply to Topic (not reply to a specific post)    Forums Home -> Changes All times are: Eastern Time (US & Canada) (change)
Page 1 of 1

 
 You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum