NEWS: Add info about CVE-2025-62291

commit: 1014d74e4b51c777f6cf81db86655fdea0613f61 [log] [tgz]
author: Tobias Brunner <tobias@strongswan.org> Fri Oct 24 15:22:53 2025 +0200
committer: Andreas Steffen <andreas.steffen@strongswan.org> Mon Oct 27 14:02:59 2025 +0100
tree: e81cc40cbc2480ad045e370fcf2c60a7b96b99de
parent: c687ada6a6f68913651e355fd09f906893096b32 [diff]
diff --git a/NEWS b/NEWS
index 916f279..ce3cdd2 100644
--- a/NEWS
+++ b/NEWS

@@ -1,6 +1,11 @@
 strongswan-6.0.3
 ----------------
 
+- Fixed a vulnerability in the eap-mschapv2 plugin related to processing Failure
+  Request packets on the client that can lead to a heap-based buffer overflow
+  and potentially remote code execution.
+  This vulnerability has been registered as CVE-2025-62291.
+
 - The new `alert` event for vici is raised for certain error conditions.
 
 - Only plugins with matching version number are loaded by programs.
commit	1014d74e4b51c777f6cf81db86655fdea0613f61	[log] [tgz]
author	Tobias Brunner <tobias@strongswan.org>	Fri Oct 24 15:22:53 2025 +0200
committer	Andreas Steffen <andreas.steffen@strongswan.org>	Mon Oct 27 14:02:59 2025 +0100
tree	e81cc40cbc2480ad045e370fcf2c60a7b96b99de
parent	c687ada6a6f68913651e355fd09f906893096b32 [diff]