oss-sec mailing list archives
Re: CVE request for unfixed CVE-2013-6466 in openswan-2.6.40
From: cve-assign () mitre org
Date: Thu, 20 Feb 2014 00:15:11 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
openswan-2.6.40 (released Feb 14) was supposed to address CVE-2013-6466 (which also affected libreswan as per CVE-2013-6467) but the fix is incomplete and openswan can still crashed using mangled or missing IKEv2 payloads.
Use CVE-2014-2037. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJTBY7oAAoJEKllVAevmvmsWv4IAMg8NTfLA7HMt7U2ADHuVLpX htKO2JV7dXuFgiHj6WCjs5DCIlVALDLFqjbqC0MjDFEX/NPRuMxq+C+yYIurq+mS YXsIZqsJaPm5sX4aJ1KlFlt1eWpPjdpBicaxE5g83kc38Cip0DxER0ZSPuPt8+o7 302LY4lIkRLbTcrNCGjJjatj1VVskaWqMDTZSzS4tqIuBmGBUjaEBr+3BDHy6k4q 6hUMzpIf/slDG9d+NUTxu2tx1tcuPRvHC8R22W6MVd/zKegYcNfGpczBe0upRpz3 1UkzZCKN5Zo7TuOKSByV82QGp7md/HBuL+Jmvw3ZQB0tr0MgvoOC2r3i5iYGtU8= =X4Ym -----END PGP SIGNATURE-----
Current thread:
- CVE request for unfixed CVE-2013-6466 in openswan-2.6.40 Paul Wouters (Feb 18)
- Re: CVE request for unfixed CVE-2013-6466 in openswan-2.6.40 cve-assign (Feb 19)