NEWS: Add info about CVE-2022-40617

author Tobias Brunner <tobias@strongswan.org>

Wed, 21 Sep 2022 08:32:59 +0000 (10:32 +0200)

committer Tobias Brunner <tobias@strongswan.org>

Mon, 3 Oct 2022 08:48:46 +0000 (10:48 +0200)
author Tobias Brunner <tobias@strongswan.org>
Wed, 21 Sep 2022 08:32:59 +0000 (10:32 +0200)
committer Tobias Brunner <tobias@strongswan.org>
Mon, 3 Oct 2022 08:48:46 +0000 (10:48 +0200)
diff --git a/NEWS b/NEWS

index 699f8531dcbce88db7d75d987722ab6a24352d16..b671fc8ca1e117f3ca2b70a12b4b3ae4b9c4da2d 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
  strongswan-5.9.8
  ----------------
  
+- Fixed a vulnerability related to accessing untrusted OCSP URIs and CDPs in
+  certificates that could lead to a denial-of-service attack.
+  This vulnerability has been registered as CVE-2022-40617.
+
  - The pki --scep|--scepca commands support the HTTP-based "Simple Certificate
    Enrollment Protocol" (RFC 8894 SCEP) replacing the old and long deprecated
    scepclient that has been removed.
author	Tobias Brunner <tobias@strongswan.org>
	Wed, 21 Sep 2022 08:32:59 +0000 (10:32 +0200)
committer	Tobias Brunner <tobias@strongswan.org>
	Mon, 3 Oct 2022 08:48:46 +0000 (10:48 +0200)