-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Hello,
I am once again inquiring about this vulnerabity. The strongSwan version in the repository for the 12.09 version of OpenWRT is still not patched and Mr. Fietkau does not respond to any emails. I wrote him one on 2014-06-08 and one on 2014-07-02. Please update the packages. Lots of people are running vulnerable StrongSwan versions on publicly reachable OpenWRT routers. Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 15.04.2014 19:27, schrieb Felix Fietkau: > On 2014-04-15 00:33, Noel Kuntze wrote: >> Hello list, >> >> An authentication bypass vulnerability has been revealed by the strongSwan >> team. All versions of strongSwan since 4.0.7 are affected. >> All affected packages need to be patched. >> The patches for the different version can be gotten from >> http://download.strongswan.org/security/CVE-2014-2338/ > Strongswan has been updated to 5.1.3 in r40516. > I will also backport this version to the 12.09 branch. > > - Felix -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJTuHVtAAoJEDg5KY9j7GZYKm8P/j0bBPIf8OfphIBY+riHidsY uShpCWSUG1ee4OB/Moi43F1+1MCmQ1oNtF0UWqzknkJIt3T8sjGYDenVtBgsYGT6 G634z7AHhp2IHYT9cBBZQ95ay0MvGjCPiHu2M98ufYNCo8SC5x2EtcKilNGgVH8G FQftMAk+Bqs43Y8KEjD3UFg1xo7Ccq8sggcoOBHYG8v/nQCG0L6Nkcz7EdmBUtLL o8nQ+kHgvCVqXHC3IuIJ2qnWVmdofbt4MgV83g8CBwXLYmgZe9ORbqa7+L4Zd2eG b/8c7MMiHCi+t1kEB/9m82Aji9JIUNKp5XwUfnqUNNkm39loD5jRwYtlF2VvGFsI n5kjRC/11nkVgQWN+nRMrK1CfunY2FD+9WA7UUtVbOSvfWXCrdUb+YMuTtAqyygI OKueJx9RkwSmo+tUSqiDQpaQmItYcTZw/sCluRQI9XS/qzAGFLZhHD8pMl5Slwd5 PB27TRaz6BSZHalKoRV0VnWF5Alz5jbVO41saIcUwu7OAT98np7Q3VGag+0xXWHd xwK1Mkc+YEBtqbXVvVstq0jtuzau5pkVceGrht3hzGrwR2O+QAzJQEZQuGOsIZv2 r2ZNxSkdAAQqstbqkt1XyMSi+Hkwnoc+VmhXHoLCShg9M6+XtjX7VDaBevTkZbpm NgTeuS4aGQShT+3+jDXV =IpJs -----END PGP SIGNATURE----- _______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-devel
