Overview
Request 267277 accepted
- Applied an upstream fix for a denial-of-service vulnerability,
which can be triggered by an IKEv2 Key Exchange payload, that
contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221).
[+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
- Applied an upstream patch reverting to store algorithms in the
registration order again as ordering them by identifier caused
weaker algorithms to be proposed first by default (bsc#897512).
[+ 0005-restore-registration-algorithm-order.bug897512.patch]
- Re-enabled gcrypt plugin and reverted to not enforce fips again
as this breaks gcrypt and openssl plugins when the fips pattern
option is not installed (fate#316931,bnc#897048).
[- strongswan-fips-disablegcrypt.patch]
- Created by mtomaschewski
- In state accepted
Request History
mtomaschewski created request
- Applied an upstream fix for a denial-of-service vulnerability,
which can be triggered by an IKEv2 Key Exchange payload, that
contains the Diffie-Hellman group 1025 (bsc#910491,CVE-2014-9221).
[+ 0006-strongswan-5.1.2-5.2.1_modp_custom.CVE-2014-9221.patch]
- Applied an upstream patch reverting to store algorithms in the
registration order again as ordering them by identifier caused
weaker algorithms to be proposed first by default (bsc#897512).
[+ 0005-restore-registration-algorithm-order.bug897512.patch]
- Re-enabled gcrypt plugin and reverted to not enforce fips again
as this breaks gcrypt and openssl plugins when the fips pattern
option is not installed (fate#316931,bnc#897048).
[- strongswan-fips-disablegcrypt.patch]
maintbot accepted review
accepted
maintbot approved review
accepted
vpereirabr moved maintenance target to openSUSE:Maintenance:3365
vpereirabr accepted request
ok