Hi Peter,

On 05/03/2023 15:44, Peter Müller wrote:
> Hello development folks,
>
> just for everyone's information:
>
> https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-2023-26463).html
> https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html
>
> To the best of my understanding, IPFire is affected by CVE-2023-26463
> (since the respective strongSwan plugins are loaded), but not vulnerable,
> since such authentication cannot be configured via the web interface.
> However, any installations running customized IPsec connections might be
> affected by this.
>
> Any volounteers for updating strongSwan? Thank you in advance. :-)

I will pick this up if someone else hasn't already started working on it.

Regards,

Adolf.

> All the best,
> Peter Müller