On Mon, 2025-11-03 at 20:54 +0100, Salvatore Bonaccorso wrote:
> The following vulnerability was published for strongswan.
>
> CVE-2025-62291[0]:
> > A vulnerability in the eap-mschapv2 plugin related to processing
> > Failure Request packets on the client was discovered in strongSwan
> > that can result in a heap-based buffer overflow and potentially remote
> > code execution.
>
> (just filing for visibility, all security supported suites have
> already been fixed)
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2025-62291
>     https://www.cve.org/CVERecord?id=CVE-2025-62291
> [1] https://www.strongswan.org/blog/2025/10/27/strongswan-vulnerability-(cve-2025-62291).html

Just a bit of information to the bug since it's taking a bit of time: the
package for unstable is ready (since the CRD actually) but I'm waiting on the
keyring update (which should happen on the 24th apparently) before I can
upload.

Meanwhile updated (and signed) packages are available at:
https://perso.corsac.net/~corsac/debian/strongswan/

Regards,
--
Yves-Alexis

