From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: strongSwan 5.9.9 released, fixing CVE-2023-26463
Date: Mon, 06 Mar 2023 13:54:59 +0100
Message-ID: <7263de52-85eb-ee61-5a40-38cc4498ac69@ipfire.org>
In-Reply-To: <16ee9a74-851b-1b24-b550-314b46873396@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============8956608289290786607=="
List-Id: <development.lists.ipfire.org>

--===============8956608289290786607==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Peter,

On 05/03/2023 15:44, Peter M=C3=BCller wrote:
> Hello development folks,
>
> just for everyone's information:
>
> https://www.strongswan.org/blog/2023/03/02/strongswan-vulnerability-(cve-20=
23-26463).html
> https://www.strongswan.org/blog/2023/01/03/strongswan-5.9.9-released.html
>
> To the best of my understanding, IPFire is affected by CVE-2023-26463
> (since the respective strongSwan plugins are loaded), but not vulnerable,
> since such authentication cannot be configured via the web interface.
> However, any installations running customized IPsec connections might be
> affected by this.
>
> Any volounteers for updating strongSwan? Thank you in advance. :-)

I will pick this up if someone else hasn't already started working on it.

Regards,

Adolf.

> All the best,
> Peter M=C3=BCller

--===============8956608289290786607==--