--
Best regards,
Liu DongMiao

2014-04-29 8:23 GMT+08:00 Liu DongMiao <liudongmiao@gmail.com>:
> Dear Yves-Alexis Perez and Debian Security Team,
>
> Related bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744717
>
> From the changelog of debian, I know that you are the maintainer of
> openswan in debian:
> openswan (1:2.6.37-3+deb7u1) wheezy-security; urgency=high
> * Non-maintainer upload by the Security Team.
> * debian/patches:
> - CVE-2013-2053 added, fix pre-authentication buffer overflow in atodn() /
> atoid() (CVE-2013-2053). closes: #709144
> - CVE-2013-6466 added, fix pre-authentication remote denial of service in
> IKEv2 daemon (CVE-2013-6466) closes: #737406
> -- Yves-Alexis Perez <corsac@debian.org> Sun, 23 Mar 2014 16:12:16 +0100
>
> After upgrading the openswan in wheezy to 1:2.6.37-3+deb7u1, I found
> that I cannot connect to ipsec from mac os x and ios any more. And
> there are some guys who encountered the same problem as me:
> http://superuser.com/questions/740545/l2tp-ipsec-stopped-working-after-openssl-upgrade
> (however, the subject was a misunderstanding).
>
> After checking the patch, I found that it's CVE-2013-6466.patch, it
> removes the compatible code for mac os x and ios, which use a bad
> draft. Now, I have fixed this, and tested on mac os x and ios. However,
> I didn't test on other platforms, such as linux, windows.
>
> I'm attaching the patch, and if you cannot see it, you can download it
> from http://piebridge.me/openswan_osx_nat_d_baddraft.patch
>
> --
> Best regards,
> Liu DongMiao
Attachment:
openswan_osx_nat_d_baddraft.patch
Description: Binary data