From: Tobias Brunner <tobias@strongswan.org>
Date: Wed, 15 Nov 2023 13:23:56 +0000 (+0100)
Subject: NEWS: Add info about CVE-2023-41913
X-Git-Tag: 5.9.12~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=46aa264430e37de5843697c90bf168bb7203d07f;p=thirdparty%2Fstrongswan.git

NEWS: Add info about CVE-2023-41913
---

diff --git a/NEWS b/NEWS
index c75bf1f140..6c50f1fcbd 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,10 @@
 strongswan-5.9.12
 -----------------
 
+- Fixed a vulnerability in charon-tkm related to processing DH public values
+  that can lead to a buffer overflow and potentially remote code execution.
+  This vulnerability has been registered as CVE-2023-41913.
+
 - The new `pki --ocsp` command produces OCSP responses based on certificate
   status information provided by plugins.