Summary: | RDN parser vulnerability | ||
---|---|---|---|
Product: | Sisyphus | Reporter: | Vladimir Lettiev <crux> |
Component: | strongswan | Assignee: | Michael Shigorin <mike> |
Status: | CLOSED FIXED | QA Contact: | qa-sisyphus |
Severity: | critical | ||
Priority: | P3 | CC: | mike, week |
Version: | unstable | Keywords: | security |
Hardware: | all | ||
OS: | Linux | ||
URL: | http://download.strongswan.org/CHANGES42.txt |
Description
Vladimir Lettiev
2009-07-22 17:12:07 MSD
strongswan-4.3.3-alt1 -> sisyphus: * Thu Jul 23 2009 Michael Shigorin <mike@altlinux> 4.3.3-alt1 - 4.3.3 (closes: #20849) + the RDN parser vulnerability discovered by Orange Labs research team was not completely fixed in version 4.3.2. Some more modifications had to be applied to the asn1_length() function to make it robust. + thanks crux@ for prompt notification |