Message ID | 1433771406-17543-1-git-send-email-gustavo@zacarias.com.ar |
---|---|
State | Accepted |
Headers | show |
Dear Gustavo Zacarias, On Mon, 8 Jun 2015 10:50:06 -0300, Gustavo Zacarias wrote: > Fixes: > > CVE-2015-4171 - rogue servers with a valid certificate > accepted by the client to trick it into disclosing its username and even > password (if the client accepts EAP-GTC). > > Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> > --- > package/strongswan/strongswan.hash | 4 ++-- > package/strongswan/strongswan.mk | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) Applied, thanks. Thomas
diff --git a/package/strongswan/strongswan.hash b/package/strongswan/strongswan.hash index e38c736..8b31de4 100644 --- a/package/strongswan/strongswan.hash +++ b/package/strongswan/strongswan.hash @@ -1,2 +1,2 @@ -# From http://download.strongswan.org/strongswan-5.3.1.tar.bz2.md5 -md5 66f258901a3d6c271da1a0c7fb3e5013 strongswan-5.3.1.tar.bz2 +# From http://download.strongswan.org/strongswan-5.3.2.tar.bz2.md5 +md5 fab014be1477ef4ebf9a765e10f8802c strongswan-5.3.2.tar.bz2 diff --git a/package/strongswan/strongswan.mk b/package/strongswan/strongswan.mk index f165eb1..47a28a3 100644 --- a/package/strongswan/strongswan.mk +++ b/package/strongswan/strongswan.mk @@ -4,7 +4,7 @@ # ################################################################################ -STRONGSWAN_VERSION = 5.3.1 +STRONGSWAN_VERSION = 5.3.2 STRONGSWAN_SOURCE = strongswan-$(STRONGSWAN_VERSION).tar.bz2 STRONGSWAN_SITE = http://download.strongswan.org STRONGSWAN_LICENSE = GPLv2+
Fixes: CVE-2015-4171 - rogue servers with a valid certificate accepted by the client to trick it into disclosing its username and even password (if the client accepts EAP-GTC). Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> --- package/strongswan/strongswan.hash | 4 ++-- package/strongswan/strongswan.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-)