From: Tobias Brunner Date: Fri, 24 Feb 2023 15:07:38 +0000 (+0100) Subject: NEWS: Add info about CVE-2023-26463 X-Git-Tag: 5.9.10~1 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ed839b3067566210484fbad879c7e8c9865c940b;p=thirdparty%2Fstrongswan.git NEWS: Add info about CVE-2023-26463 --- diff --git a/NEWS b/NEWS index 9945180335..1a87c3c6a5 100644 --- a/NEWS +++ b/NEWS @@ -1,6 +1,12 @@ strongswan-5.9.10 ----------------- +- Fixed a vulnerability related to certificate verification in TLS-based EAP + methods that leads to an authentication bypass followed by an expired pointer + dereference that results in a denial of service and possibly even remote code + execution. + This vulnerability has been registered as CVE-2023-26463. + - Added support for full packet hardware offload for IPsec SAs and policies with Linux 6.2 kernels to the kernel-netlink plugin.
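Review bot: The added entry under strongswan-5.9.10 says "TLS-based EAP methods" without naming the methods or plugins concerned and gives no affected version range, so a reader cannot tell from NEWS alone whether a given deployment is exposed. Consider listing the affected methods and the first affected release, and stating which side of the TLS exchange performs the faulty certificate verification. Since the stated impact runs from authentication bypass to denial of service and possibly remote code execution, a pointer to the advisory for CVE-2023-26463 would also help operators prioritise the upgrade.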