-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 Apr 2026 11:19:15 +0200
Source: strongswan
Architecture: source
Version: 5.9.8-5+deb12u4
Distribution: bookworm-security
Urgency: medium
Maintainer: strongSwan Maintainers <pkg-swan-devel@lists.alioth.debian.org>
Changed-By: Yves-Alexis Perez <corsac@debian.org>
Changes:
 strongswan (5.9.8-5+deb12u4) bookworm-security; urgency=medium
 .
   * d/patches: add fix for integer underflow in libsimaka when handling
     EAP-SIM/AKA attributes (CVE-2026-35330)
   * d/patches: add fix for integer underflow in libradius when handling RADIUS
     attributes (CVE-2026-35333)
   * d/patches: add fix for NULL-pointer dereference in libtls when handling
     ECDH public values (CVE-2026-35332)
   * d/patches: add fix for infinite loop in libtls when handling supported
     versions TLS extension (CVE-2026-35328)
   * d/patches: add fix for NULL-pointer dereference in libstrongswan (pkcs5)
     and the pkcs7 plugin when processing padding in PKCS#7 (CVE-2026-35329)
   * d/patches: add fix for acceptation of authentication certificates
     violating name constraints (CVE-2026-35331)
   * d/patches: add fix for possible NULL-pointer dereference in gmp plugin for
     RSA decryption (CVE-2026-35334)
Checksums-Sha1:
 6ed1a214e0f65ef69ac4a79498e55e6adfd6023e 3210 strongswan_5.9.8-5+deb12u4.dsc
 43844202f18e22c662d842548163079b79dc9b1a 125988 strongswan_5.9.8-5+deb12u4.debian.tar.xz
 8c0ca7a2340763698a7da1f7de8cb260aa252db2 18320 strongswan_5.9.8-5+deb12u4_amd64.buildinfo
Checksums-Sha256:
 17cda485058e01af16a6799cd24c24fd8555000ee85eb17ee1a9727737e0eea7 3210 strongswan_5.9.8-5+deb12u4.dsc
 3729c3ab49dfd8201875bdff25b82ffeefab2e9b66963f1c7685a514afe07b8e 125988 strongswan_5.9.8-5+deb12u4.debian.tar.xz
 4191bcc7bd2f3791e3bd47773432d4b70a0c36163857386896a442c76eafa683 18320 strongswan_5.9.8-5+deb12u4_amd64.buildinfo
Files:
 d5189d1cfb2f8d22f5c592a8d5765ccd 3210 net optional strongswan_5.9.8-5+deb12u4.dsc
 e5ffdbf944fdccc08abb6e0610f91ac1 125988 net optional strongswan_5.9.8-5+deb12u4.debian.tar.xz
 3af43361c37d331037c8e3ea29956cc5 18320 net optional strongswan_5.9.8-5+deb12u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAmnecg8ACgkQ3rYcyPpX
RFth/wgA3AI8N4UwUIGE6x1jIc45GEznf2Oee86ETi+3wpvo51FjWUbhjCxwJ4DH
/jKAEJquUUvXEqv01zixEpQJxOnrrij3EXVN0llxi6C1Yc2/7SqMR4reCcQkTY5U
IIvX8sotyKSALO94fF5Z7AuZXiNf/ZUl1jGPDZizu4QwVTqGhox2p5YwWqIKEcBL
wBar7LAVFOOCPRStxfiWEvaZf5hbB/jmYDcxqcOHfcpG6Rp5wb0ejNJcgzCWbFjc
V4KC6pXQFc5YmrhoTwfYJ98oQxEo/FXyiNkyXdw5l3LWwn3CE/Nx3b0JNeBCQeo4
ngBk1ZyA04/VptKsHLAlxLVGtvLSbw==
=Yn8e
-----END PGP SIGNATURE-----