+strongswan-6.0.6
+----------------
+
+- CVE-2026-35328 - Fixed a vulnerability in libtls related to the processing of
+ the supported_versions extension in TLS that can result in an infinite loop.
+
+- CVE-2026-35329 - Fixed a vulnerability in libstrongswan and the pkcs7 plugin
+ related to the processing of encrypted PKCS#7 containers that can result in
+ a crash.
+
+- CVE-2026-35330 - Fixed a vulnerability in in libsimaka related to the
+ processing of certain EAP-SIM/AKA attributes that can result in an infinite
+ loop or a heap-based buffer overflow and potentially remote code execution.
+
+- CVE-2026-35331 - Fixed a vulnerability in the constraints plugin related to
+ the processing of X.509 name constraints that can allow authentication with
+ certificates that violate the constraints.
+
+- CVE-2026-35332 - Fixed a vulnerability in libtls related to the processing of
+ ECDH public values in TLS < 1.3 that can result in a crash.
+
+- CVE-2026-35333 - Fixed a vulnerability in libradius related to the processing
+ of RADIUS attributes that can result in an infinite loop or an out-of-bounds
+ read that may cause a crash.
+
+- CVE-2026-35334 - Fixed a vulnerability in the gmp plugin related to RSA
+ decryption that can result in a crash.
+
+- Made the Botan RNG types used/provided by the botan plugin configurable.
+
+- The fix for the vulnerability in the constraints plugin now causes all
+ certificates that contain excluded name constraints of type directoryName (DN)
+ to get rejected.
+
+
strongswan-6.0.5
----------------
projects / thirdparty / strongswan.git / commitdiff
