Hi! Attached as well the debdiff as prepared for buster-security.
Regards, Salvatore
diff -Nru libreswan-3.27/debian/changelog libreswan-3.27/debian/changelog --- libreswan-3.27/debian/changelog 2019-06-11 00:04:05.000000000 +0200 +++ libreswan-3.27/debian/changelog 2020-05-12 22:59:59.000000000 +0200 @@ -1,3 +1,11 @@ +libreswan (3.27-6+deb10u1) buster-security; urgency=high + + * Non-maintainer upload by the Security Team. + * DoS attack via malicious IKEv1 informational exchange message + (CVE-2020-1763) (Closes: #960458) + + -- Salvatore Bonaccorso <car...@debian.org> Tue, 12 May 2020 22:59:59 +0200 + libreswan (3.27-6) unstable; urgency=medium * fix CVE-2019-10155 (closes: #930338) diff -Nru libreswan-3.27/debian/patches/0009-security-Fix-for-CVE-2020-1763.patch libreswan-3.27/debian/patches/0009-security-Fix-for-CVE-2020-1763.patch --- libreswan-3.27/debian/patches/0009-security-Fix-for-CVE-2020-1763.patch 1970-01-01 01:00:00.000000000 +0100 +++ libreswan-3.27/debian/patches/0009-security-Fix-for-CVE-2020-1763.patch 2020-05-12 22:59:59.000000000 +0200 @@ -0,0 +1,28 @@ +From: "D. Hugh Redelmeier" <h...@mimosa.com> +Date: Thu, 19 Mar 2020 14:21:06 -0400 +Subject: security: Fix for CVE-2020-1763 +Origin: https://github.com/libreswan/libreswan/commit/471a3e41a449d7c753bc4edbba4239501bb62ba8 +Bug-Debian: https://bugs.debian.org/960458 +Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-1763 + +pluto will crash on a null pointer dereference when trying to log an error +for an IKEv1 packet containing bogus information and/or flags. + +Signed-off-by: Paul Wouters <pwout...@redhat.com> +[Salvatore Bonaccorso: Backport to 3.27 based on +https://libreswan.org/security/CVE-2020-1763/CVE-2020-1763.txt advisory] +--- + programs/pluto/ikev1.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/programs/pluto/ikev1.c ++++ b/programs/pluto/ikev1.c +@@ -2047,7 +2047,7 @@ void process_packet_tail(struct msg_dige + "%smessage ignored because it contains a payload type (%s) unexpected by state %s", + excuse, + enum_show(&ikev1_payload_names, np), +- st->st_state_name); ++ (st == NULL) ? "<no state>" : st->st_state_name); + if (!md->encrypted) { + SEND_NOTIFICATION(INVALID_PAYLOAD_TYPE); + } diff -Nru libreswan-3.27/debian/patches/series libreswan-3.27/debian/patches/series --- libreswan-3.27/debian/patches/series 2019-06-11 00:04:05.000000000 +0200 +++ libreswan-3.27/debian/patches/series 2020-05-12 22:59:59.000000000 +0200 @@ -6,3 +6,4 @@ 0006-sort-all-wildcarded-object-files-for-reproducibility.patch 0007-libreswan-3.27-CVE-2019-12312.patch 0008-Resolve-CVE-2019-10155-IKEv1-Informational-exchange-.patch +0009-security-Fix-for-CVE-2020-1763.patch
