-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 Jul 2009 12:45:08 +0200
Source: strongswan
Binary: strongswan
Architecture: source amd64
Version: 4.2.4-5+lenny2
Distribution: stable-security
Urgency: high
Maintainer: Rene Mayrhofer <rmayr@debian.org>
Changed-By: Rene Mayrhofer <rmayr@debian.org>
Description:
 strongswan - IPSec utilities for strongSwan
Changes:
 strongswan (4.2.4-5+lenny2) stable-security; urgency=high
 .
   Applied ASN.1 and other security fixes from upstream:
   * Fixes a Denial-of-Service vulnerability where receiving a malformed
     IKE_AUTH request with either a missing TSi or TSr traffic selector
     payload causes a crash of the IKEv2 charon while dereferencing a NULL
     pointer because the NULL pointer checks of TSi and TSr before
     destruction were erroneously swapped.
   * The RDN parser vulnerability discovered by Orange Labs research team
     was not completely fixed in version 4.2.16. Some more modifications
     had to be applied to the asn1_length() function.
   * Applying their fuzzing tool, the Orange Labs vulnerability research
     team found a Denial-of-Service vulnerability in the parsing of ASN.1
     Relative Distinguished Names (RDNs). Malformed X.509 certificate RDNs
     can cause the pluto and charon IKE daemons to crash and restart.
   * Applying their fuzzing tool, the Orange Labs vulnerability research
     team found a Denial-of-Service vulnerability in the parsing of ASN.1
     UTCTIME and GENERALIZEDTIME strings. Malformed X.509 certificate time
     strings can cause the pluto and charon IKE daemons to crash and
     restart.
   * Fixes a Denial-of-Service vulnerability where receiving a malformed
     IKE_SA_INIT request leaves an incomplete state which causes a crash
     of the IKEv2 charon while dereferencing a NULL pointer if a
     subsequent CREATE_CHILD_SA is received.
Checksums-Sha1:
 c1fe733215614434df83614dfa4d26148dc0dd78 1310 strongswan_4.2.4-5+lenny2.dsc
 c4189d7d8687896a18dea1ecae2a8f934962f3e2 61766 strongswan_4.2.4-5+lenny2.diff.gz
 11e06c9bcb7b5a383bc2492a7cbdad81873ae88d 1178134 strongswan_4.2.4-5+lenny2_amd64.deb
Checksums-Sha256:
 de4db3697ba29025590d93721302e4cf6d99dd975f1a2e6d6c5b6633a1d90b30 1310 strongswan_4.2.4-5+lenny2.dsc
 92831288a1e9b9cb77562d62dca4b74a3e3e738fcb9b03a4277306a96f31cf25 61766 strongswan_4.2.4-5+lenny2.diff.gz
 f6719e578658205b09e22c7402d3736dccc931e98be7b2ac8e66b17c1d23cd13 1178134 strongswan_4.2.4-5+lenny2_amd64.deb
Files:
 928b8b063b5faff63069ed14943adca6 1310 net optional strongswan_4.2.4-5+lenny2.dsc
 59fdf86036990bebd0ddcf6f8fb3cfcb 61766 net optional strongswan_4.2.4-5+lenny2.diff.gz
 6c93cf3e50409d80f8fe9d98d1347936 1178134 net optional strongswan_4.2.4-5+lenny2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpuAQUACgkQq7SPDcPCS96Y4QCg5W7XnavAXFEFl+p+nsRIy0yT
XMsAn0B9TJUvouqm+BClRXnsCl4mBfQX
=avvD
-----END PGP SIGNATURE-----


Accepted:
strongswan_4.2.4-5+lenny2.diff.gz
  to pool/main/s/strongswan/strongswan_4.2.4-5+lenny2.diff.gz
strongswan_4.2.4-5+lenny2.dsc
  to pool/main/s/strongswan/strongswan_4.2.4-5+lenny2.dsc
strongswan_4.2.4-5+lenny2_amd64.deb
  to pool/main/s/strongswan/strongswan_4.2.4-5+lenny2_amd64.deb
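The changelog above names two parsing routines that fuzzed X.509 input drove into crashes: the DER length decoder (asn1_length()) and the UTCTIME/GENERALIZEDTIME string parsers. The following is an added illustration, written for this page and not code from strongSwan or the Debian package, of what a bounds-checked version of those two steps looks like. The function names asn1_length_checked() and asn1_utctime_checked() and the constructed sample inputs are this example's own; the malformation classes it rejects (truncated length octets, indefinite length, length octets that exceed size_t, non-minimal DER encodings, content that overruns the buffer, and time strings of the wrong length or out-of-range fields) are the general classes a DER parser must handle, not a reconstruction of the specific upstream patches.

```c
/* Added example, not strongSwan code: bounds-checked DER length and UTCTime
 * decoding, exercised on constructed malformed inputs. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ASN1_INVALID_LENGTH ((size_t)-1)

/* Decode the DER length field that starts at blob[*pos]; `len` is the total
 * size of blob. On success *pos is advanced past the length octets and the
 * content length is returned, with the guarantee that the content fits in
 * blob[*pos .. len). On any malformation ASN1_INVALID_LENGTH is returned and
 * *pos is left unchanged, so the caller can never walk past the buffer. */
size_t asn1_length_checked(const uint8_t *blob, size_t len, size_t *pos)
{
    size_t p = *pos, value;

    if (blob == NULL || p >= len)
        return ASN1_INVALID_LENGTH;        /* no length octet present at all */

    uint8_t first = blob[p++];
    if (first < 0x80) {
        value = first;                     /* short form: one octet */
    } else {
        size_t n = first & 0x7f, i;
        if (n == 0)
            return ASN1_INVALID_LENGTH;    /* 0x80 = indefinite form, not DER */
        if (n > sizeof(size_t))
            return ASN1_INVALID_LENGTH;    /* would not fit in size_t */
        if (n > len - p)
            return ASN1_INVALID_LENGTH;    /* length octets themselves truncated */
        if (blob[p] == 0x00)
            return ASN1_INVALID_LENGTH;    /* non-minimal: leading zero octet */
        value = 0;
        for (i = 0; i < n; i++)
            value = (value << 8) | blob[p++];
        if (value < 0x80)
            return ASN1_INVALID_LENGTH;    /* non-minimal: short form was required */
    }
    if (value > len - p)
        return ASN1_INVALID_LENGTH;        /* content would run past end of buffer */
    *pos = p;
    return value;
}

typedef struct { int year, month, day, hour, min, sec; } asn1_time_t;

/* Read two ASCII digits; the caller guarantees s has at least two bytes. */
static int two_digits(const uint8_t *s, int *out)
{
    if (s[0] < '0' || s[0] > '9' || s[1] < '0' || s[1] > '9')
        return 0;
    *out = (s[0] - '0') * 10 + (s[1] - '0');
    return 1;
}

/* Parse a DER UTCTime value, which RFC 5280 fixes to exactly "YYMMDDHHMMSSZ"
 * (13 bytes, seconds mandatory, UTC only). The length check comes first so no
 * field is read from a shorter string. Returns 1 on success, 0 otherwise. */
int asn1_utctime_checked(const uint8_t *s, size_t len, asn1_time_t *t)
{
    if (s == NULL || t == NULL || len != 13 || s[12] != 'Z')
        return 0;
    if (!two_digits(s, &t->year)  || !two_digits(s + 2, &t->month) ||
        !two_digits(s + 4, &t->day) || !two_digits(s + 6, &t->hour)  ||
        !two_digits(s + 8, &t->min) || !two_digits(s + 10, &t->sec))
        return 0;
    /* RFC 5280 4.1.2.5.1: YY >= 50 means 19YY, otherwise 20YY. */
    t->year += (t->year >= 50) ? 1900 : 2000;
    if (t->month < 1 || t->month > 12 || t->day < 1 || t->day > 31 ||
        t->hour > 23 || t->min > 59 || t->sec > 59)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: a well-formed short-form length, a truncated
     * long-form length, and a well-formed UTCTime. */
    const uint8_t ok[]        = { 0x05, 1, 2, 3, 4, 5 };
    const uint8_t truncated[] = { 0x82, 0x01 };
    const uint8_t when[]      = "090722104508Z";
    size_t pos = 0;
    asn1_time_t t;

    printf("short form: %zu\n", asn1_length_checked(ok, sizeof ok, &pos));
    pos = 0;
    printf("truncated long form invalid: %d\n",
           asn1_length_checked(truncated, sizeof truncated, &pos) == ASN1_INVALID_LENGTH);
    printf("utctime ok: %d\n", asn1_utctime_checked(when, 13, &t));
    return 0;
}
```

The important property is that every rejection path leaves *pos untouched and is reached before any read beyond `len`, so a caller iterating TLVs over an attacker-supplied certificate can stop cleanly instead of dereferencing or reading past its buffer.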