Source: libreswan
Version: 3.29-2
Severity: important
Tags: security upstream
Control: found -1 3.27-6

Hi,

The following vulnerability was published for libreswan.

CVE-2020-1763[0]:
| An out-of-bounds buffer read flaw was found in the pluto daemon of
| libreswan from versions 3.27 till 3.31 where, an unauthenticated
| attacker could use this flaw to crash libreswan by sending specially-
| crafted IKEv1 Informational Exchange packets. The daemon respawns
| after the crash.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1763
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1763
[1] https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore