Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted strongswan 5.9.1-1+deb11u5 (source) into oldoldstable-security
Date: Mon, 03 Nov 2025 10:20:34 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon,  3 Nov 2025 11:05:36 CET
Source: strongswan
Architecture: source
Version: 5.9.1-1+deb11u5
Distribution: bullseye-security
Urgency: high
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 50938abd5c894e38000f3a17bdc5a3be54c98308 3509 strongswan_5.9.1-1+deb11u5.dsc
 dc6486571982ae5ce2ff26d3fc94443be1962f2e 4590867 strongswan_5.9.1.orig.tar.bz2
 823ba67fe91910869ddac7c3e48955f9b83aa21f 122564 strongswan_5.9.1-1+deb11u5.debian.tar.xz
 0baaae33ede849338b618cbb04f4acdbc252bf33 19047 strongswan_5.9.1-1+deb11u5_amd64.buildinfo
Checksums-Sha256:
 c4e2b7119f7700773b1dbe22ff4fcd7baa8d457b9668183ea7c9ee48d43bba57 3509 strongswan_5.9.1-1+deb11u5.dsc
 a337c9fb63d973b8440827755c784031648bf423b7114a04918b0b00fd42cafb 4590867 strongswan_5.9.1.orig.tar.bz2
 9f1ba81e873359ebb1f4a19ff9cd03e8d00c4b67165203aba1b274eb2b5dfb4f 122564 strongswan_5.9.1-1+deb11u5.debian.tar.xz
 7f5fba0a908a3aaeac4221a997c4c4f489133f0a1e5d7ec498b5bfbb242ba6ba 19047 strongswan_5.9.1-1+deb11u5_amd64.buildinfo
Changes:
 strongswan (5.9.1-1+deb11u5) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2025-62291:
     Xu Biang discovered a buffer overflow bug in the eap-mschapv2 plugin of
     strongSwan, an IKE/IPsec suite.
     The eap-mschapv2 plugin does not correctly check the length of an
     EAP-MSCHAPv2 Failure Request packet on the client, which can cause an
     integer underflow that leads to a crash, and a heap-based buffer overflow
     that's potentially exploitable for remote code execution.
Files:
 80e48584fe97ee1f401c28a89e460b40 3509 net optional strongswan_5.9.1-1+deb11u5.dsc
 1f4db969d072e120dc12d1c116a0f658 4590867 net optional strongswan_5.9.1.orig.tar.bz2
 a47675e982dbfa5304cb6c07c5b00b85 122564 net optional strongswan_5.9.1-1+deb11u5.debian.tar.xz
 d464663f853f264083b83ffb1954cfba 19047 net optional strongswan_5.9.1-1+deb11u5_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmkIfphfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk+b4P/0lWba/yb7/qmhKnyIT9Gw4g6ZNCkleNuGZD
5AuKDoFLsVE40hMRJrIKbSpEIlysXJ3bmxk1Mku88Pli2krXyvXrgxpkfHaaJ88k
hsyYwve/aGkdJJ0JfZmI6TUSQNut8KPwFvqFT6k6ZoU8B8ylh8fSsItNcQ1P3cxE
sv7gwbKdraggxLR8vfIOMBYisNA2xbSv7o184jWjAjEN9as54mYhtrEjO1nU4tvz
csM32RnjklykikOKHl5/snuiJ4ef1vNO9rlWZ7Dp6txZpdR3WF3v5wctvBTQWNGC
VpioMRinu57BO/7leb5QD8KRhgyfclP9V7MK7sWJGPb8pCIcrZnvzVBP86+GSk07
5kNLbNWGd8NpRbl6aN8sjihI/lweqsRGsSrzsWZSu9/kZiW2bWY1rTPnhVaTKLot
d67AlnXzsKF4FO2HQ1/0aVOgkG8U869mawED0laIh82NSg90YGf3za2+SMyuCFW7
MEqGvNz+mYrY5HVOy79N/1IVEWWJjxLAYPZpDzm45bv+azdxl/xkhW9RVI2hnCJ5
CR0VM8Aed/QabpR4E1w9yO3nV5TomQTc/7pM65rLNXF2poysxrgRfoJDMXaR4Zs5
869NvDDxWu6D1gZp03WvKpdoVs8Jc62nonjatFJHyUxiDjkoccFh/w9KpEj+JjSp
LdxnrrTG
=uUv7
-----END PGP SIGNATURE-----

News for package strongswan