From 4f560557b08dba49e469ff1390c1065cce9b8281 Mon Sep 17 00:00:00 2001 From: Tobias Brunner Date: Thu, 20 Jan 2022 17:24:02 +0100 Subject: [PATCH] NEWS: Add info about CVE-2021-45079 --- NEWS | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/NEWS b/NEWS index 3fee3763a..d4bb926d4 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ strongswan-5.9.5 ---------------- +- Fixed a vulnerability in the EAP client implementation that was caused by + incorrectly handling early EAP-Success messages. It may allow to bypass the + client and in some scenarios even the server authentication, or could lead to + a denial-of-service attack. + This vulnerability has been registered as CVE-2021-45079. + - Using the trusted RSA or ECC Endorsement Key of the TPM 2.0, libtpmtss may now establish a secure session via RSA encryption or an ephemeral ECDH key exchange, respectively. The session allows HMAC-based authenticated -- 2.47.3
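Review bot: The added NEWS entry for CVE-2021-45079 does not tell a reader whether they are exposed: "in some scenarios even the server authentication" leaves the affected scenarios unnamed, and the entry gives no affected version range for the EAP client implementation. Consider naming those scenarios and the affected versions in the entry, or pointing to the advisory that does. As a wording point in the same paragraph, "It may allow to bypass the client and ..." lacks an object; "It may allow an attacker to bypass the client and ..." reads more clearly, and "could lead to a denial-of-service attack" would be more precise as "could be used for a denial-of-service attack".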