Package: ipsec-tools
Version: 1:0.7.1-1.4
Severity: important
Tags: security patch

Hi,

the following CVE (Common Vulnerabilities & Exposures) id was published for ipsec-tools.

CVE-2009-1632[0]:
| Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote
| attackers to cause a denial of service (memory consumption) via
| vectors involving (1) signature verification during user
| authentication with X.509 certificates, related to the
| eay_check_x509sign function in src/racoon/crypto_openssl.c; and (2)
| the NAT-Traversal (aka NAT-T) keepalive implementation, related to
| src/racoon/nattraversal.c.

If you fix the vulnerability, please also make sure to include the CVE id in your changelog entry.

For the moment I have set the severity only to important, because 1:0.7.1-1.4 needs to migrate to testing and I don't know if an RC bug could interfere.

For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1632
    http://security-tracker.debian.net/tracker/CVE-2009-1632
    http://marc.info/?l=oss-security&m=124101704828036&w=2

Patches:
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=h
http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=h
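The bug class behind CVE-2009-1632 (a resource leak on an error path in a routine that remote peers can trigger repeatedly during authentication, so a flood of malformed messages exhausts memory) is easy to reproduce in miniature. The following C program is an added illustration written for this page; it is not racoon's eay_check_x509sign, not the linked NetBSD patch, and does not use OpenSSL. Its decode_cert, decode_sig and verify functions are constructed stand-ins, and the tracked allocator only exists to make the leak countable. It contrasts the leak-prone early-return shape with the single-cleanup-label shape that the fix pattern relies on.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed allocation tracker: counts buffers that are still live, so a
 * leak on an error path shows up as a growing number. Not racoon code. */
static int live_allocs = 0;

static unsigned char *tracked_dup(const unsigned char *src, size_t len)
{
    unsigned char *p = malloc(len);
    if (!p)
        return NULL;
    memcpy(p, src, len);
    live_allocs++;
    return p;
}

static void tracked_free(unsigned char *p)
{
    if (p) {
        free(p);
        live_allocs--;
    }
}

/* Stand-in for certificate decoding: accepts only a buffer that begins with
 * the DER SEQUENCE tag (0x30) and returns a heap copy the caller must free. */
static unsigned char *decode_cert(const unsigned char *der, size_t len)
{
    if (len == 0 || der[0] != 0x30)
        return NULL;
    return tracked_dup(der, len);
}

/* Stand-in for signature decoding: rejects an empty signature. */
static unsigned char *decode_sig(const unsigned char *sig, size_t len)
{
    if (len == 0)
        return NULL;
    return tracked_dup(sig, len);
}

/* Toy verification: the "signature" is valid when it equals the certificate
 * bytes. Returns 0 on success and -1 on failure. */
static int verify(const unsigned char *cert, size_t cert_len,
                  const unsigned char *sig, size_t sig_len)
{
    return (cert_len == sig_len && memcmp(cert, sig, cert_len) == 0) ? 0 : -1;
}

/* Leaky shape: returning early after the first allocation leaves `cert`
 * unfreed whenever the peer sends an undecodable signature. */
int check_sign_leaky(const unsigned char *cert_der, size_t cert_len,
                     const unsigned char *sig, size_t sig_len)
{
    unsigned char *cert = decode_cert(cert_der, cert_len);
    if (!cert)
        return -1;
    unsigned char *s = decode_sig(sig, sig_len);
    if (!s)
        return -1;              /* BUG: cert is never freed on this path */
    int rc = verify(cert, cert_len, s, sig_len);
    tracked_free(s);
    tracked_free(cert);
    return rc;
}

/* Fixed shape: every exit passes through one cleanup label, so whatever was
 * allocated before the failure is released regardless of which step failed. */
int check_sign_fixed(const unsigned char *cert_der, size_t cert_len,
                     const unsigned char *sig, size_t sig_len)
{
    int rc = -1;
    unsigned char *cert = NULL, *s = NULL;

    cert = decode_cert(cert_der, cert_len);
    if (!cert)
        goto out;
    s = decode_sig(sig, sig_len);
    if (!s)
        goto out;
    rc = verify(cert, cert_len, s, sig_len);
out:
    tracked_free(s);
    tracked_free(cert);
    return rc;
}

typedef int (*check_fn)(const unsigned char *, size_t, const unsigned char *, size_t);

/* Constructed certificate bytes used by the checks below (not a real cert). */
static const unsigned char sample_cert[] = { 0x30, 0x03, 0x02, 0x01, 0x01 };

/* Feed `n` authentication attempts carrying a well-formed certificate but an
 * undecodable (empty) signature, and report how many buffers stay live. */
int live_after_bad_sigs(check_fn fn, int n)
{
    live_allocs = 0;
    for (int i = 0; i < n; i++)
        fn(sample_cert, sizeof sample_cert, NULL, 0);
    return live_allocs;
}

/* Sanity check that the fixed routine still accepts a matching signature. */
int fixed_accepts_matching_sig(void)
{
    return check_sign_fixed(sample_cert, sizeof sample_cert,
                            sample_cert, sizeof sample_cert);
}
```

Running live_after_bad_sigs against the two variants makes the difference concrete: the leaky routine leaves one buffer behind per rejected message, so memory grows linearly with the number of authentication attempts an unauthenticated peer sends, while the fixed routine returns to zero live buffers. In review, the thing to look for is exactly this asymmetry: any function that allocates, then has more than one return statement, needs every return after the first allocation audited for what it fails to release.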