ChangeLog for 2.6.2
This commit is contained in:
Michael Rash
parent
add2c913ab
commit
0c70c7db21
11
ChangeLog
11
ChangeLog
@ -1,3 +1,14 @@
|
|||||||
|
fwknop-2.6.2 (04/27/2014):
|
||||||
|
- [libfko] fix double free bug in SPA parser discovered with the new
|
||||||
|
python SPA payload fuzzer (see the 'spa_encoding_fuzzing' branch which
|
||||||
|
is not merged into the master branch yet). This bug could be triggered
|
||||||
|
in fwknopd with a malicious SPA payload, but only when GnuPG is used and
|
||||||
|
when an attacker is in possession of valid GnuPG keys listed in the
|
||||||
|
access.conf file. In other words, and arbitrary attacker cannot trigger
|
||||||
|
this bug. Further, when Rijndael is used for SPA packet encryption, this
|
||||||
|
bug cannot be triggered at all due to an length/format check towards the
|
||||||
|
end of _rijndael_decrypt().
|
||||||
|
|
||||||
fwknop-2.6.1 (04/12/2014):
|
fwknop-2.6.1 (04/12/2014):
|
||||||
- Updated copyright and authorship information to include a standard
|
- Updated copyright and authorship information to include a standard
|
||||||
header which references both the AUTHORS and CREDITS files. The
|
header which references both the AUTHORS and CREDITS files. The
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user