-
ipsec-tools (1:0.7-2.1ubuntu1.9.04.2) jaunty-proposed; urgency=low
* src/racoon/ipsec_doi.c: Patched to fix segfault when using
ipv6 addresses in sainfo section of racoon.conf. Thanks to
Fredrik Ljunggren. (LP: #374185)
-- Chuck Short <email address hidden> Mon, 09 Nov 2009 09:26:42 -0500
-
ipsec-tools (1:0.7-2.1ubuntu1.9.04.1) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service via fragmented packets without a
payload.
- src/racoon/isakmp_frag.c: validate size of payload data.
- http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.4&r2=1.4.6.1&f=h
- CVE-2009-1574
* SECURITY UPDATE: denial of service via multiple memory leaks.
- src/racoon/crypto_openssl.c: call X509_free().
- src/racoon/nattraversal.c: add new natt_keepalive_delete() function
that also frees ka->src and ka->dst.
- http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/crypto_openssl.c.diff?r1=1.11.6.4&r2=1.11.6.5&f=u
- http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/nattraversal.c.diff?r1=1.6&r2=1.6.6.1&f=u
- CVE-2009-1632
-- Marc Deslauriers <email address hidden> Thu, 04 Jun 2009 14:10:48 -0400
-
ipsec-tools (1:0.7-2.1ubuntu1) intrepid; urgency=low
* Merge from debian unstable, remaining changes:
- debian/control:
- Set Ubuntu maintainer address.
- Depend on lsb-base.
- debian/ipsec-tools.setkey.init:
- LSB init script.
* Dropped:
- debian/ipsec-tools.setkey.init:
- restart method: stop then start.
- Use {} instead of () in usage (bash_completion).
- debian/racoon.init:
- Create /var/run/racoon.
- Use {} instead of () in usage (bash_completion).
* Bug fixed by this merge:
- fix XAuth with U-FQDN (LP: #234166).
* Enable build with hardened options:
- src/libipsec/policy_token.c: don't check return code of fwrite.
- src/setkey/setkey.c: stop scanning stdin if fgets fails.
-- Mathias Gug <email address hidden> Wed, 18 Jun 2008 17:34:55 -0400