From: Tobias Brunner Date: Thu, 20 Jan 2022 16:24:02 +0000 (+0100) Subject: NEWS: Add info about CVE-2021-45079 X-Git-Tag: 5.9.5~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4f560557b08dba49e469ff1390c1065cce9b8281;p=thirdparty%2Fstrongswan.git NEWS: Add info about CVE-2021-45079 --- diff --git a/NEWS b/NEWS index 3fee3763a9..d4bb926d43 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ strongswan-5.9.5 ---------------- +- Fixed a vulnerability in the EAP client implementation that was caused by + incorrectly handling early EAP-Success messages. It may allow to bypass the + client and in some scenarios even the server authentication, or could lead to + a denial-of-service attack. + This vulnerability has been registered as CVE-2021-45079. + - Using the trusted RSA or ECC Endorsement Key of the TPM 2.0, libtpmtss may now establish a secure session via RSA encryption or an ephemeral ECDH key exchange, respectively. The session allows HMAC-based authenticated
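Review bot: The added strongswan-5.9.5 entry does not tell an operator whether their deployment is exposed. In the sentence "It may allow to bypass the client and in some scenarios even the server authentication", "some scenarios" is left undefined and no affected release range is given. Consider stating which earlier releases carry the flaw and which EAP configurations make the server-authentication bypass possible, or pointing to the advisory for CVE-2021-45079 where those details live. The phrase "may allow to bypass" also lacks an object; "may allow an attacker to bypass" reads more clearly. It would help to say which of the outcomes (authentication bypass or denial of service) applies under which conditions, since the entry currently lists them as alternatives without distinguishing them.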