Hi Daniel,

On Fri, May 05, 2023 at 10:17:59AM +0200, Salvatore Bonaccorso wrote:
> Source: libreswan
> Version: 4.10-2
> Severity: important
> Tags: security upstream
> Forwarded: https://github.com/libreswan/libreswan/issues/1039
> X-Debbugs-Cc: [email protected], Debian Security Team
> <[email protected]>
>
> Hi,
>
> The following vulnerability was published for libreswan.
>
> CVE-2023-30570[0]:
> | Incorrect aggressive mode interaction causes the pluto daemon to
> | crash
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2023-30570
>     https://www.cve.org/CVERecord?id=CVE-2023-30570
> [1] https://github.com/libreswan/libreswan/issues/1039
>
> Please adjust the affected versions in the BTS as needed.

Proposed changes at
https://salsa.debian.org/debian/libreswan/-/merge_requests/3

The primary goal here is to make sure the changes land in bookworm,
not evaluated yet for bullseye, but at first glance it might warrant a
DSA.

Regards,
Salvatore

