From: Tobias Brunner <tobias@strongswan.org>
Date: Fri, 24 Oct 2025 13:22:53 +0000 (+0200)
Subject: NEWS: Add info about CVE-2025-62291
X-Git-Tag: 6.0.3~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=1014d74e4b51c777f6cf81db86655fdea0613f61;p=thirdparty%2Fstrongswan.git

NEWS: Add info about CVE-2025-62291
---

diff --git a/NEWS b/NEWS
index 916f279018..ce3cdd2570 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
 strongswan-6.0.3
 ----------------
 
+- Fixed a vulnerability in the eap-mschapv2 plugin related to processing Failure
+  Request packets on the client that can lead to a heap-based buffer overflow
+  and potentially remote code execution.
+  This vulnerability has been registered as CVE-2025-62291.
+
 - The new `alert` event for vici is raised for certain error conditions.
 
 - Only plugins with matching version number are loaded by programs.