Version in base suite: 5.9.8-5+deb12u2

Base version: strongswan_5.9.8-5+deb12u2
Target version: strongswan_5.9.8-5+deb12u3
Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/strongswan/strongswan_5.9.8-5+deb12u2.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/s/strongswan/strongswan_5.9.8-5+deb12u3.dsc

 changelog                                                               |    6 +
 patches/0008-eap-ttls-Prevent-crash-if-AVP-length-header-field-is.patch |   42 ++++++++++
 patches/series                                                          |    1 
 po/cs.po                                                                |    2 
 po/da.po                                                                |    2 
 po/de.po                                                                |    2 
 po/es.po                                                                |    2 
 po/eu.po                                                                |    2 
 po/fi.po                                                                |    2 
 po/fr.po                                                                |    2 
 po/gl.po                                                                |    2 
 po/it.po                                                                |    2 
 po/ja.po                                                                |    2 
 po/nb.po                                                                |    2 
 po/nl.po                                                                |    2 
 po/pl.po                                                                |    2 
 po/pt.po                                                                |    2 
 po/pt_BR.po                                                             |    2 
 po/ru.po                                                                |    2 
 po/sv.po                                                                |    2 
 po/templates.pot                                                        |    2 
 po/tr.po                                                                |    2 
 po/vi.po                                                                |    2 
 23 files changed, 69 insertions(+), 20 deletions(-)

dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp5pqgi1yd/strongswan_5.9.8-5+deb12u2.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmp5pqgi1yd/strongswan_5.9.8-5+deb12u3.dsc: no acceptable signature found
diff -Nru strongswan-5.9.8/debian/changelog strongswan-5.9.8/debian/changelog
--- strongswan-5.9.8/debian/changelog	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/changelog	2026-03-18 07:53:16.000000000 +0000
@@ -1,3 +1,9 @@
+strongswan (5.9.8-5+deb12u3) bookworm-security; urgency=medium
+
+  * d/patch: fix integer overflow in EAP-TTLS plugin (CVE-2026-25075)
+
+ -- Yves-Alexis Perez <corsac@debian.org>  Wed, 18 Mar 2026 08:53:16 +0100
+
 strongswan (5.9.8-5+deb12u2) bookworm-security; urgency=medium
 
   * d/patches: add fix for buffer overflow in EAP-MSCHAPv2 (CVE-2025-62291)
diff -Nru strongswan-5.9.8/debian/patches/0008-eap-ttls-Prevent-crash-if-AVP-length-header-field-is.patch strongswan-5.9.8/debian/patches/0008-eap-ttls-Prevent-crash-if-AVP-length-header-field-is.patch
--- strongswan-5.9.8/debian/patches/0008-eap-ttls-Prevent-crash-if-AVP-length-header-field-is.patch	1970-01-01 00:00:00.000000000 +0000
+++ strongswan-5.9.8/debian/patches/0008-eap-ttls-Prevent-crash-if-AVP-length-header-field-is.patch	2026-03-18 07:53:16.000000000 +0000
@@ -0,0 +1,42 @@
+From: Tobias Brunner <tobias@strongswan.org>
+Date: Thu, 5 Mar 2026 12:43:12 +0100
+Subject: eap-ttls: Prevent crash if AVP length header field is invalid
+
+The length field in the AVP header includes the 8 bytes of the header
+itself.  Not checking for that and later subtracting it causes an
+integer underflow that usually triggers a crash when accessing a
+NULL pointer that resulted from the failing chunk_alloc() call because
+of the high value.
+
+The attempted allocations for invalid lengths (0-7) are 0xfffffff8,
+0xfffffffc, or 0x100000000 (0 on 32-bit hosts), so this doesn't result
+in a buffer overflow even if the allocation succeeds.
+
+Fixes: 79f2102cb442 ("implemented server side support for EAP-TTLS")
+Fixes: CVE-2026-25075
+---
+ src/libcharon/plugins/eap_ttls/eap_ttls_avp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
+index 06389f7..2983bd0 100644
+--- a/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
++++ b/src/libcharon/plugins/eap_ttls/eap_ttls_avp.c
+@@ -119,7 +119,7 @@ METHOD(eap_ttls_avp_t, process, status_t,
+ 		chunk_free(&this->input);
+ 		this->inpos = 0;
+ 
+-		if (!success)
++		if (!success || avp_len < AVP_HEADER_LEN)
+ 		{
+ 			DBG1(DBG_IKE, "received invalid AVP header");
+ 			return FAILED;
+@@ -130,7 +130,7 @@ METHOD(eap_ttls_avp_t, process, status_t,
+ 			return FAILED;
+ 		}
+ 		this->process_header = FALSE;
+-		this->data_len = avp_len - 8;
++		this->data_len = avp_len - AVP_HEADER_LEN;
+ 		this->input = chunk_alloc(this->data_len + (4 - avp_len) % 4);
+ 	}
+ 
diff -Nru strongswan-5.9.8/debian/patches/series strongswan-5.9.8/debian/patches/series
--- strongswan-5.9.8/debian/patches/series	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/patches/series	2026-03-18 07:53:16.000000000 +0000
@@ -5,3 +5,4 @@
 0005-libtls-Fix-authentication-bypass-and-expired-pointer.patch
 0006-charon-tkm-Validate-DH-public-key-to-fix-potential-b.patch
 0007-eap-mschapv2-Fix-length-check-for-Failure-Request-pa.patch
+0008-eap-ttls-Prevent-crash-if-AVP-length-header-field-is.patch
diff -Nru strongswan-5.9.8/debian/po/cs.po strongswan-5.9.8/debian/po/cs.po
--- strongswan-5.9.8/debian/po/cs.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/cs.po	2026-03-18 07:53:16.000000000 +0000
@@ -13,7 +13,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-10-28 14:42+0100\n"
 "Last-Translator: Miroslav Kure <kurem@debian.cz>\n"
 "Language-Team: Czech <debian-l10n-czech@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/da.po strongswan-5.9.8/debian/po/da.po
--- strongswan-5.9.8/debian/po/da.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/da.po	2026-03-18 07:53:16.000000000 +0000
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-10-06 12:42+0000\n"
 "Last-Translator: Joe Hansen <joedalton2@yahoo.dk>\n"
 "Language-Team: Danish <dansk@dansk-gruppen.dk>\n"
diff -Nru strongswan-5.9.8/debian/po/de.po strongswan-5.9.8/debian/po/de.po
--- strongswan-5.9.8/debian/po/de.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/de.po	2026-03-18 07:53:16.000000000 +0000
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.4.0-1\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-11-02 15:40+0100\n"
 "Last-Translator: Helge Kreutzmann <debian@helgefjell.de>\n"
 "Language-Team: German <debian-l10n-german@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/es.po strongswan-5.9.8/debian/po/es.po
--- strongswan-5.9.8/debian/po/es.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/es.po	2026-03-18 07:53:16.000000000 +0000
@@ -31,7 +31,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.4.1-5\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-12-17 17:19-0300\n"
 "Last-Translator: Matías Bellone <matiasbellone+debian@gmail.com>\n"
 "Language-Team: Debian l10n Spanish <debian-l10n-spanish@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/eu.po strongswan-5.9.8/debian/po/eu.po
--- strongswan-5.9.8/debian/po/eu.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/eu.po	2026-03-18 07:53:16.000000000 +0000
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: strongswan_4.4.1-5.1_eu\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-10-15 21:41+0200\n"
 "Last-Translator: Iñaki Larrañaga Murgoitio <dooteo@zundan.com>\n"
 "Language-Team: Basque <librezale@librezale.org>\n"
diff -Nru strongswan-5.9.8/debian/po/fi.po strongswan-5.9.8/debian/po/fi.po
--- strongswan-5.9.8/debian/po/fi.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/fi.po	2026-03-18 07:53:16.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2009-05-25 14:49+0100\n"
 "Last-Translator: Esko Arajärvi <edu@iki.fi>\n"
 "Language-Team: Finnish <debian-l10n-finnish@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/fr.po strongswan-5.9.8/debian/po/fr.po
--- strongswan-5.9.8/debian/po/fr.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/fr.po	2026-03-18 07:53:16.000000000 +0000
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2010-06-24 22:17+0200\n"
 "Last-Translator: Christian Perrier <bubulle@debian.org>\n"
 "Language-Team: French <debian-l10n-french@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/gl.po strongswan-5.9.8/debian/po/gl.po
--- strongswan-5.9.8/debian/po/gl.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/gl.po	2026-03-18 07:53:16.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: templates_[kI6655]\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2009-05-25 14:50+0100\n"
 "Last-Translator: marce villarino <mvillarino@users.sourceforge.net>\n"
 "Language-Team: Galician <proxecto@trasno.ent>\n"
diff -Nru strongswan-5.9.8/debian/po/it.po strongswan-5.9.8/debian/po/it.po
--- strongswan-5.9.8/debian/po/it.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/it.po	2026-03-18 07:53:16.000000000 +0000
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-11-09 13:41+0200\n"
 "Last-Translator: Beatrice Torracca <beatricet@libero.it>\n"
 "Language-Team: Italian <debian-l10n-italian@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/ja.po strongswan-5.9.8/debian/po/ja.po
--- strongswan-5.9.8/debian/po/ja.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/ja.po	2026-03-18 07:53:16.000000000 +0000
@@ -16,7 +16,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.4.1-4\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-02-07 21:28+0900\n"
 "Last-Translator: Hideki Yamane <henrich@debian.org>\n"
 "Language-Team: Japanese <debian-japanese@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/nb.po strongswan-5.9.8/debian/po/nb.po
--- strongswan-5.9.8/debian/po/nb.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/nb.po	2026-03-18 07:53:16.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: nb\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-10-06 17:37+0200\n"
 "Last-Translator: Bjørn Steensrud <bjornst@skogkatt.homelinux.org>\n"
 "Language-Team: Norwegian Bokmål <i18n-nb@lister.ping.uio.no>\n"
diff -Nru strongswan-5.9.8/debian/po/nl.po strongswan-5.9.8/debian/po/nl.po
--- strongswan-5.9.8/debian/po/nl.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/nl.po	2026-03-18 07:53:16.000000000 +0000
@@ -10,7 +10,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.5.0-1\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2014-09-24 18:39+0200\n"
 "Last-Translator: Frans Spiesschaert <Frans.Spiesschaert@yucom.be>\n"
 "Language-Team: Debian Dutch l10n Team <debian-l10n-dutch@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/pl.po strongswan-5.9.8/debian/po/pl.po
--- strongswan-5.9.8/debian/po/pl.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/pl.po	2026-03-18 07:53:16.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2012-01-31 15:36+0100\n"
 "Last-Translator: Michał Kułach <michal.kulach@gmail.com>\n"
 "Language-Team: Polish <debian-l10n-polish@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/pt.po strongswan-5.9.8/debian/po/pt.po
--- strongswan-5.9.8/debian/po/pt.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/pt.po	2026-03-18 07:53:16.000000000 +0000
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 5.1.0-3\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-11-18 00:33+0000\n"
 "Last-Translator: Américo Monteiro <a_monteiro@gmx.com>\n"
 "Language-Team: Portuguese <traduz@debianpt.org>\n"
diff -Nru strongswan-5.9.8/debian/po/pt_BR.po strongswan-5.9.8/debian/po/pt_BR.po
--- strongswan-5.9.8/debian/po/pt_BR.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/pt_BR.po	2026-03-18 07:53:16.000000000 +0000
@@ -9,7 +9,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 5.1.3-4\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2014-06-25 18:13-0300\n"
 "Last-Translator: Adriano Rafael Gomes <adrianorg@arg.eti.br>\n"
 "Language-Team: Brazilian Portuguese <debian-l10n-"
diff -Nru strongswan-5.9.8/debian/po/ru.po strongswan-5.9.8/debian/po/ru.po
--- strongswan-5.9.8/debian/po/ru.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/ru.po	2026-03-18 07:53:16.000000000 +0000
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 5.1.0-1\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-10-07 19:08+0400\n"
 "Last-Translator: Yuri Kozlov <yuray@komyakino.ru>\n"
 "Language-Team: Russian <debian-l10n-russian@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/sv.po strongswan-5.9.8/debian/po/sv.po
--- strongswan-5.9.8/debian/po/sv.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/sv.po	2026-03-18 07:53:16.000000000 +0000
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: strongswan_sv\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-10-07 09:05+0100\n"
 "Last-Translator: Martin Bagge / brother <brother@bsnet.se>\n"
 "Language-Team: Swedish <debian-l10n-swedish@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/templates.pot strongswan-5.9.8/debian/po/templates.pot
--- strongswan-5.9.8/debian/po/templates.pot	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/templates.pot	2026-03-18 07:53:16.000000000 +0000
@@ -8,7 +8,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
diff -Nru strongswan-5.9.8/debian/po/tr.po strongswan-5.9.8/debian/po/tr.po
--- strongswan-5.9.8/debian/po/tr.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/tr.po	2026-03-18 07:53:16.000000000 +0000
@@ -7,7 +7,7 @@
 msgstr ""
 "Project-Id-Version: strongswan\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2013-10-24 11:17+0200\n"
 "Last-Translator: Atila KOÇ <koc@artielektronik.com.tr>\n"
 "Language-Team: Türkçe <debian-l10n-turkish@lists.debian.org>\n"
diff -Nru strongswan-5.9.8/debian/po/vi.po strongswan-5.9.8/debian/po/vi.po
--- strongswan-5.9.8/debian/po/vi.po	2025-10-15 10:21:12.000000000 +0000
+++ strongswan-5.9.8/debian/po/vi.po	2026-03-18 07:53:16.000000000 +0000
@@ -6,7 +6,7 @@
 msgstr ""
 "Project-Id-Version: strongswan 4.4.0-1\n"
 "Report-Msgid-Bugs-To: strongswan@packages.debian.org\n"
-"POT-Creation-Date: 2025-10-22 18:39+0200\n"
+"POT-Creation-Date: 2026-03-18 08:53+0100\n"
 "PO-Revision-Date: 2010-10-03 19:22+1030\n"
 "Last-Translator: Clytie Siddall <clytie@riverland.net.au>\n"
 "Language-Team: Vietnamese <vi-VN@googlegroups.com>\n"