From d996c4514190777e9267eff62168b760617bf88c Mon Sep 17 00:00:00 2001 From: Michael Rash Date: Mon, 28 Apr 2014 20:26:05 -0400 Subject: [PATCH] minor 2.6.2 release date change --- ChangeLog | 7 ++++--- fwknop.spec | 2 +- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8120ab30..41b39bc8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,13 +1,14 @@ -fwknop-2.6.2 (04/27/2014): +fwknop-2.6.2 (04/28/2014): - [libfko] fix double free bug in SPA parser discovered with the new python SPA payload fuzzer (see the 'spa_encoding_fuzzing' branch which is not merged into the master branch yet). This bug could be triggered in fwknopd with a malicious SPA payload, but only when GnuPG is used and when an attacker is in possession of valid GnuPG keys listed in the - access.conf file. In other words, and arbitrary attacker cannot trigger + access.conf file. In other words, an arbitrary attacker cannot trigger this bug. Further, when Rijndael is used for SPA packet encryption, this bug cannot be triggered at all due to an length/format check towards the - end of _rijndael_decrypt(). + end of _rijndael_decrypt(). This bug was introduced in the 2.6.1 + development series, and no previous versions of fwknop are affected. fwknop-2.6.1 (04/12/2014): - Updated copyright and authorship information to include a standard diff --git a/fwknop.spec b/fwknop.spec index 2f7cbae5..0b8e5cdb 100644 --- a/fwknop.spec +++ b/fwknop.spec @@ -142,7 +142,7 @@ fi %config(noreplace) %attr(0600,root,root) %{_sysconfdir}/fwknop/access.conf %changelog -* Sun Apr 27 2014 - 2.6.2 +* Mon Apr 28 2014 - 2.6.2 - fwknop-2.6.2 release. * Sat Apr 12 2014 - 2.6.1