File _patchinfo of Package patchinfo
<patchinfo incident="2174"> <category>recommended</category> <rating>low</rating> <packager>mtomaschewski</packager> <summary>- Applied upstream fix for a denial-of-service and authorization</summary> <description>- Applied upstream fix for a denial-of-service and authorization bypass vulnerability via crafted ID payload in strongswan 4.3.3 up to 5.1.0 (CVE-2013-6075, bnc#847506). [0007-strongswan-4.3.3_5.1.0-bnc-847506-CVE-2013-6075.patch] - Added a recursion limit to get_route in netlink plugin to avoid a charon crash while trying to find a source address when local left is set to %any on newer kernels sorting the default route as first one (bnc#840826). [0006-strongswan-4.6.4-bnc-840826-recursion-limit.patch] - Fixed patch file/number in spec and bug/file references in the changes and inside of the patch files. [0004 -&gt; 0005-strongswan-4.3.0-5.0.4_is_asn1-CVE-2013-5018.bnc833278.patch] [0003 -&gt; 0004-Check-return-value-of-ECDSA_Verify-correctly.patch] [0001 -&gt; 0003-openssl-Ensure-the-thread-ID-is-never-zero.patch]</description> </patchinfo>
