This bug was fixed in the package strongswan - 6.0.4-1ubuntu1

---------------
strongswan (6.0.4-1ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2125990). Remaining changes:
    - d/control: strongswan-starter hard-depends on strongswan-charon,
      therefore bump the dependency from Recommends to Depends. At the same
      time avoid a circular dependency by dropping
      strongswan-charon->strongswan-starter from Depends to Recommends as the
      binaries can work without the services but not vice versa.
    - Re-enable eap-{dynamic,peap} libcharon plugins (LP #1878887)
      + d/control: update libcharon-extra-plugins description.
      + d/libcharon-extra-plugins.install: install .so and conf files.
      + d/rules: add plugins to the configuration arguments.
    - d/t/{control,host-to-host,utils}: new host-to-host test (LP #1999525)
    - d/usr.sbin.swanctl: allow "m" flag for /usr/sbin/swanctl (LP #1999935)
  * Dropped changes:
    - Cherry-pick upstream commits to fix FTBFS with GCC-15 C23.
      [applied in 6.0.2]
      + debian/patches/gcc15-compat/*
    - d/t/host-to-host: disable DNSSEC via negative trust anchor for lxd domain
      (LP #2119652)
      [not needed anymore, as DNSSEC allow-downgrade was dropped by default]
    - SECURITY UPDATE: Buffer Overflow When Handling EAP-MSCHAPv2 Failure
      Requests.
      [applied in 6.0.3]
      + debian/patches/CVE-2025-62291.patch: fix length check for Failure
        Request packets on the client in
        src/libcharon/plugins/eap_mschapv2/eap_mschapv2.c.

strongswan (6.0.4-1) unstable; urgency=medium

  * New upstream version 6.0.4 (Closes: #1122971)
    - Fix CVE-2025-9615 in the network manager plugin (potential usage of
      other users' credentials).

strongswan (6.0.3-1) unstable; urgency=medium

  * New upstream version 6.0.3
    - Fix for buffer overflow in EAP-MSCHAPv2 (CVE-2025-62291)

strongswan (6.0.2-1) unstable; urgency=medium

  * New upstream version 6.0.2
    - Fix support with OpenSSL 3.5.1+ (Closes: #1109942)
  * install iptfs configuration in libstrongswan
  * d/copyright updated with decopy

 -- Lukas Märdian <[email protected]>  Tue, 20 Jan 2026 09:58:16 +0100

** Changed in: strongswan (Ubuntu)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.org/CVERecord?id=CVE-2025-62291

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2125990

Title:
  Merge strongswan from Debian Unstable for r-series
