[Buildroot] [PATCH] strongswan: add upstream security patch
Peter Korsgaard
peter at korsgaard.com
Fri Oct 5 19:59:57 UTC 2018
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> CVE-2018-16151: The OID parser in the ASN.1 code in gmp allows any number of
> random bytes after a valid OID.
> CVE-2018-16152: The algorithmIdentifier parser in the ASN.1 code in gmp
> doesn't enforce a NULL value for the optional parameter which is not used
> with any PKCS#1 algorithm.
> For more details, see the advisory:
> https://www.strongswan.org/blog/2018/09/24/strongswan-vulnerability-(cve-2018-16151,-cve-2018-16152).html
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
Committed to 2018.02.x, 2018.05.x and 2018.08.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list