Taken straight from the 4.4.1 announcement: " A potential remote code execution vulnerability resulting from the misuse of snprintf() was fixed. The vulnerability was introduced with the strongswan-4.3.3 release and is exploitable by unauthenticated users." Patches and new releases are available. Reproducible: Always
The 4.4.0 patch currently does not cleanly apply. Investigating this.
Updates sent to my proxy Markos Chandras. Closing this bug once the commit hits the tree. Summary: - bumping 4.3.6 to 4.3.7 which contains only the security fix - replacing 4.4.0 w/ 4.4.1 because there is currently no working standalone patch available
Bumped Affected versions removed. No need to call security team since there is no stable version for that Thank you for the ebuilds