Version in base suite: 5.9.8-5 Base version: strongswan_5.9.8-5 Target version: strongswan_5.9.8-5+deb12u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/strongswan/strongswan_5.9.8-5.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/strongswan/strongswan_5.9.8-5+deb12u1.dsc changelog | 7 + patches/0006-charon-tkm-Validate-DH-public-key-to-fix-potential-b.patch | 37 ++++++++++ patches/series | 1 po/cs.po | 2 po/da.po | 2 po/de.po | 2 po/es.po | 2 po/eu.po | 2 po/fi.po | 2 po/fr.po | 2 po/gl.po | 2 po/it.po | 2 po/ja.po | 2 po/nb.po | 2 po/nl.po | 2 po/pl.po | 2 po/pt.po | 2 po/pt_BR.po | 2 po/ru.po | 2 po/sv.po | 2 po/templates.pot | 2 po/tr.po | 2 po/vi.po | 2 23 files changed, 65 insertions(+), 20 deletions(-)
diff -Nru strongswan-5.9.8/debian/changelog strongswan-5.9.8/debian/changelog
--- strongswan-5.9.8/debian/changelog 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/changelog 2023-11-13 20:29:34.000000000 +0000
@@ -1,3 +1,10 @@
+strongswan (5.9.8-5+deb12u1) bookworm-security; urgency=medium
+
+ * d/patches: add fix for CVE-2023-41913 in charon-tkm
+ Buffer Overflow When Handling DH Public Values
+
+ -- Yves-Alexis Perez Mon, 13 Nov 2023 21:29:34 +0100
+
 strongswan (5.9.8-5) unstable; urgency=medium
 * No-change upload for source-only upload.
diff -Nru strongswan-5.9.8/debian/patches/0006-charon-tkm-Validate-DH-public-key-to-fix-potential-b.patch strongswan-5.9.8/debian/patches/0006-charon-tkm-Validate-DH-public-key-to-fix-potential-b.patch
--- strongswan-5.9.8/debian/patches/0006-charon-tkm-Validate-DH-public-key-to-fix-potential-b.patch 1970-01-01 00:00:00.000000000 +0000
+++ strongswan-5.9.8/debian/patches/0006-charon-tkm-Validate-DH-public-key-to-fix-potential-b.patch 2023-11-13 20:29:34.000000000 +0000
@@ -0,0 +1,37 @@
+From: Tobias Brunner
+Date: Tue, 11 Jul 2023 12:12:25 +0200
+Subject: charon-tkm: Validate DH public key to fix potential buffer overflow
+
+Seems this was forgotten in the referenced commit and actually could lead
+to a buffer overflow. Since charon-tkm is untrusted this isn't that
+much of an issue but could at least be easily exploited for a DoS attack
+as DH public values are set when handling IKE_SA_INIT requests.
+
+Fixes: 0356089d0f94 ("diffie-hellman: Verify public DH values in backends")
+Fixes: CVE-2023-41913
+---
+ src/charon-tkm/src/tkm/tkm_diffie_hellman.c | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+index 2b2d103..6999ad3 100644
+--- a/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
++++ b/src/charon-tkm/src/tkm/tkm_diffie_hellman.c
+@@ -70,11 +70,16 @@ METHOD(key_exchange_t, get_shared_secret, bool,
+ return TRUE;
+ }
+
+-
+ METHOD(key_exchange_t, set_public_key, bool,
+ private_tkm_diffie_hellman_t *this, chunk_t value)
+ {
+ dh_pubvalue_type othervalue;
++
++ if (!key_exchange_verify_pubkey(this->group, value) ||
++ value.len > sizeof(othervalue.data))
++ {
++ return FALSE;
++ }
+ othervalue.size = value.len;
+ memcpy(&othervalue.data, value.ptr, value.len);
+
diff -Nru strongswan-5.9.8/debian/patches/series strongswan-5.9.8/debian/patches/series
--- strongswan-5.9.8/debian/patches/series 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/patches/series 2023-11-13 20:29:34.000000000 +0000
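Review bot: The length test in the new guard of set_public_key, `value.len > sizeof(othervalue.data)`, is what actually bounds the `memcpy` into the fixed-size `dh_pubvalue_type`, yet it has no comment and this function emits no log line of its own when it rejects a value. I would put `/* value.len sizes the memcpy below, so it must fit othervalue.data */` above the `if`, and consider testing the size in a separate branch that logs the rejected length with strongSwan's `DBG1` macro before `return FALSE;`, so that oversized DH public values arriving in IKE_SA_INIT requests are visible to whoever monitors the daemon. `othervalue` is also left uninitialised past `value.len`; the function body continues outside the hunk, so if the struct is passed on whole, declaring it as something like `dh_pubvalue_type othervalue = { 0 };` would keep stale stack bytes from travelling with it.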
@@ -3,3 +3,4 @@
 04_disable-libtls-tests.patch
 dont-load-kernel-libipsec-plugin-by-default.patch
 0005-libtls-Fix-authentication-bypass-and-expired-pointer.patch
+0006-charon-tkm-Validate-DH-public-key-to-fix-potential-b.patch
diff -Nru strongswan-5.9.8/debian/po/cs.po strongswan-5.9.8/debian/po/cs.po
--- strongswan-5.9.8/debian/po/cs.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/cs.po 2023-11-13 20:29:34.000000000 +0000
@@ -13,7 +13,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-10-28 14:42+0100\n"
 "Last-Translator: Miroslav Kure \n"
 "Language-Team: Czech \n"
diff -Nru strongswan-5.9.8/debian/po/da.po strongswan-5.9.8/debian/po/da.po
--- strongswan-5.9.8/debian/po/da.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/da.po 2023-11-13 20:29:34.000000000 +0000
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-10-06 12:42+0000\n"
 "Last-Translator: Joe Hansen \n"
 "Language-Team: Danish \n"
diff -Nru strongswan-5.9.8/debian/po/de.po strongswan-5.9.8/debian/po/de.po
--- strongswan-5.9.8/debian/po/de.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/de.po 2023-11-13 20:29:34.000000000 +0000
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.4.0-1\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-11-02 15:40+0100\n"
 "Last-Translator: Helge Kreutzmann \n"
 "Language-Team: German \n"
diff -Nru strongswan-5.9.8/debian/po/es.po strongswan-5.9.8/debian/po/es.po
--- strongswan-5.9.8/debian/po/es.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/es.po 2023-11-13 20:29:34.000000000 +0000
@@ -31,7 +31,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.4.1-5\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-12-17 17:19-0300\n"
 "Last-Translator: Matías Bellone \n"
 "Language-Team: Debian l10n Spanish \n"
diff -Nru strongswan-5.9.8/debian/po/eu.po strongswan-5.9.8/debian/po/eu.po
--- strongswan-5.9.8/debian/po/eu.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/eu.po 2023-11-13 20:29:34.000000000 +0000
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: strongswan_4.4.1-5.1_eu\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-10-15 21:41+0200\n"
 "Last-Translator: Iñaki Larrañaga Murgoitio \n"
 "Language-Team: Basque \n"
diff -Nru strongswan-5.9.8/debian/po/fi.po strongswan-5.9.8/debian/po/fi.po
--- strongswan-5.9.8/debian/po/fi.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/fi.po 2023-11-13 20:29:34.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2009-05-25 14:49+0100\n"
 "Last-Translator: Esko Arajärvi \n"
 "Language-Team: Finnish \n"
diff -Nru strongswan-5.9.8/debian/po/fr.po strongswan-5.9.8/debian/po/fr.po
--- strongswan-5.9.8/debian/po/fr.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/fr.po 2023-11-13 20:29:34.000000000 +0000
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2010-06-24 22:17+0200\n"
 "Last-Translator: Christian Perrier \n"
 "Language-Team: French \n"
diff -Nru strongswan-5.9.8/debian/po/gl.po strongswan-5.9.8/debian/po/gl.po
--- strongswan-5.9.8/debian/po/gl.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/gl.po 2023-11-13 20:29:34.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: templates_[kI6655]\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2009-05-25 14:50+0100\n"
 "Last-Translator: marce villarino \n"
 "Language-Team: Galician \n"
diff -Nru strongswan-5.9.8/debian/po/it.po strongswan-5.9.8/debian/po/it.po
--- strongswan-5.9.8/debian/po/it.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/it.po 2023-11-13 20:29:34.000000000 +0000
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-11-09 13:41+0200\n"
 "Last-Translator: Beatrice Torracca \n"
 "Language-Team: Italian \n"
diff -Nru strongswan-5.9.8/debian/po/ja.po strongswan-5.9.8/debian/po/ja.po
--- strongswan-5.9.8/debian/po/ja.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/ja.po 2023-11-13 20:29:34.000000000 +0000
@@ -16,7 +16,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.4.1-4\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-02-07 21:28+0900\n"
 "Last-Translator: Hideki Yamane \n"
 "Language-Team: Japanese \n"
diff -Nru strongswan-5.9.8/debian/po/nb.po strongswan-5.9.8/debian/po/nb.po
--- strongswan-5.9.8/debian/po/nb.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/nb.po 2023-11-13 20:29:34.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: nb\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-10-06 17:37+0200\n"
 "Last-Translator: Bjørn Steensrud \n"
 "Language-Team: Norwegian Bokmål \n"
diff -Nru strongswan-5.9.8/debian/po/nl.po strongswan-5.9.8/debian/po/nl.po
--- strongswan-5.9.8/debian/po/nl.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/nl.po 2023-11-13 20:29:34.000000000 +0000
@@ -10,7 +10,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.5.0-1\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2014-09-24 18:39+0200\n"
 "Last-Translator: Frans Spiesschaert \n"
 "Language-Team: Debian Dutch l10n Team \n"
diff -Nru strongswan-5.9.8/debian/po/pl.po strongswan-5.9.8/debian/po/pl.po
--- strongswan-5.9.8/debian/po/pl.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/pl.po 2023-11-13 20:29:34.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2012-01-31 15:36+0100\n"
 "Last-Translator: Michał Kułach \n"
 "Language-Team: Polish \n"
diff -Nru strongswan-5.9.8/debian/po/pt.po strongswan-5.9.8/debian/po/pt.po
--- strongswan-5.9.8/debian/po/pt.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/pt.po 2023-11-13 20:29:34.000000000 +0000
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 5.1.0-3\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-11-18 00:33+0000\n"
 "Last-Translator: Américo Monteiro \n"
 "Language-Team: Portuguese \n"
diff -Nru strongswan-5.9.8/debian/po/pt_BR.po strongswan-5.9.8/debian/po/pt_BR.po
--- strongswan-5.9.8/debian/po/pt_BR.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/pt_BR.po 2023-11-13 20:29:34.000000000 +0000
@@ -9,7 +9,7 @@ msgstr "" "Project-Id-Version: strongswan 5.1.3-4\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" -"POT-Creation-Date: 2023-03-03 19:01+0100\n" +"POT-Creation-Date: 2023-11-13 22:04+0100\n" "PO-Revision-Date: 2014-06-25 18:13-0300\n" "Last-Translator: Adriano Rafael Gomes \n" "Language-Team: Brazilian Portuguese \n" "Language-Team: Russian \n" diff -Nru strongswan-5.9.8/debian/po/sv.po strongswan-5.9.8/debian/po/sv.po --- strongswan-5.9.8/debian/po/sv.po 2023-03-03 17:56:58.000000000 +0000 +++ strongswan-5.9.8/debian/po/sv.po 2023-11-13 20:29:34.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: strongswan_sv\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" -"POT-Creation-Date: 2023-03-03 19:01+0100\n" +"POT-Creation-Date: 2023-11-13 22:04+0100\n" "PO-Revision-Date: 2013-10-07 09:05+0100\n" "Last-Translator: Martin Bagge / brother \n" "Language-Team: Swedish \n" diff -Nru strongswan-5.9.8/debian/po/templates.pot strongswan-5.9.8/debian/po/templates.pot --- strongswan-5.9.8/debian/po/templates.pot 2023-03-03 17:56:58.000000000 +0000 +++ strongswan-5.9.8/debian/po/templates.pot 2023-11-13 20:29:34.000000000 +0000 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: strongswan\n" "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n" -"POT-Creation-Date: 2023-03-03 19:01+0100\n" +"POT-Creation-Date: 2023-11-13 22:04+0100\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" diff -Nru strongswan-5.9.8/debian/po/tr.po strongswan-5.9.8/debian/po/tr.po --- strongswan-5.9.8/debian/po/tr.po 2023-03-03 17:56:58.000000000 +0000 +++ strongswan-5.9.8/debian/po/tr.po 2023-11-13 20:29:34.000000000 +0000 
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2013-10-24 11:17+0200\n"
 "Last-Translator: Atila KOÇ \n"
 "Language-Team: Türkçe \n"
diff -Nru strongswan-5.9.8/debian/po/vi.po strongswan-5.9.8/debian/po/vi.po
--- strongswan-5.9.8/debian/po/vi.po 2023-03-03 17:56:58.000000000 +0000
+++ strongswan-5.9.8/debian/po/vi.po 2023-11-13 20:29:34.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.4.0-1\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2023-03-03 19:01+0100\n"
+"POT-Creation-Date: 2023-11-13 22:04+0100\n"
 "PO-Revision-Date: 2010-10-03 19:22+1030\n"
 "Last-Translator: Clytie Siddall \n"
 "Language-Team: Vietnamese \n"