Control: tags -1 - patch Hi Daniel,
On Sun, May 07, 2023 at 08:24:37PM +0200, Salvatore Bonaccorso wrote: > Control: tags -1 + patch > > Hi Daniel, > > On Sat, May 06, 2023 at 10:44:48PM +0200, Salvatore Bonaccorso wrote: > > Hi Daniel, > > > > On Fri, May 05, 2023 at 10:17:59AM +0200, Salvatore Bonaccorso wrote: > > > Source: libreswan > > > Version: 4.10-2 > > > Severity: important > > > Tags: security upstream > > > Forwarded: https://github.com/libreswan/libreswan/issues/1039 > > > X-Debbugs-Cc: car...@debian.org, Debian Security Team > > > <t...@security.debian.org> > > > > > > Hi, > > > > > > The following vulnerability was published for libreswan. > > > > > > CVE-2023-30570[0]: > > > | Incorrect aggressive mode interaction causes the pluto daemon to > > > | crash > > > > > > If you fix the vulnerability please also make sure to include the > > > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > > > > > For further information see: > > > > > > [0] https://security-tracker.debian.org/tracker/CVE-2023-30570 > > > https://www.cve.org/CVERecord?id=CVE-2023-30570 > > > [1] https://github.com/libreswan/libreswan/issues/1039 > > > > > > Please adjust the affected versions in the BTS as needed. > > > > Proposed changes at > > https://salsa.debian.org/debian/libreswan/-/merge_requests/3 > > > > The primary goal here is to make sure the changes land in bookworm, > > not evaluated yet for bullseye, but at first glance it might warrant a > > DSA. > > Attached as well the corresponding debdiff (please double-check). I believe I have not a complete patchset now. The full list of commits would be: https://github.com/libreswan/libreswan/commit/0250b5349145f6ac6b9c58e196489f7d048de305 https://github.com/libreswan/libreswan/commit/a31bf33593e6a15bf1ad1b79ff6bb177a4d39f2c https://github.com/libreswan/libreswan/commit/f32feb1dd71e4a69636d9d7efbd1ff441acde9d6 https://github.com/libreswan/libreswan/commit/ceaabbd3f7f89712d85ec128c42d75d725879ad2 https://github.com/libreswan/libreswan/commit/b77dc3483996a28703c4ff21225f4f541543f0f1 Time is becoming tight for having it included in bookworm. Would you appreicate a NMU? Regards, Salvatore