Project

General

Profile

Security and Functional Flaw Reporting » History » Version 6

Andreas Steffen, 07.05.2013 09:23

1 1 Andreas Steffen
h1. Security and Functional Flaw Reporting
2 1 Andreas Steffen
3 1 Andreas Steffen
h2. Security Flaws
4 1 Andreas Steffen
5 2 Andreas Steffen
 * Please email any security-relevant flaw to the special mail account *security@strongswan.org*. Whenever possible encrypt your posting using the "PGP key":http://pgp.mit.edu:11371/pks/lookup?search=security%40strongswan.org for the *security@strongswan.org* account.
6 1 Andreas Steffen
7 6 Andreas Steffen
 * Here is the list of all reported strongSwan high and medium security flaws registered in the "CVE database":http://web.nvd.nist.gov/view/vuln/search-results?query=strongswan which were fixed by the following "security patches":http://download.strongswan.org/security/.
8 4 Andreas Steffen
9 1 Andreas Steffen
h2. Functional Flaws
10 1 Andreas Steffen
11 2 Andreas Steffen
 * Please report all non-security-related flaws and bugs by opening a "new issue":http://wiki.strongswan.org/projects/strongswan/issues/new in our wiki. If you don't have a user account yet, please "register":http://wiki.strongswan.org/account/register first.
12 3 Andreas Steffen
13 3 Andreas Steffen
 * Our Redmine Tracker classifies user issues into the following three categories:
14 1 Andreas Steffen
15 4 Andreas Steffen
   * *Issue*:  Please choose this generic category if you are not sure whether your problem is caused by a strongSwan misconfiguration, an interoperability problem with third party VPN software or an actual bug in the strongSwan code. We are going to reclassify your report after a first analysis.
16 3 Andreas Steffen
17 1 Andreas Steffen
   * *Feature*:  Please choose this category for requesting new features that we might implement in future versions of the strongSwan software.
18 3 Andreas Steffen
19 4 Andreas Steffen
   * *Bug*:  Please post under this category only if you are quite sure that you identified a bug in the strongSwan code, e.g. if the charon daemon crashes which it shouldn't. Of course it is helpful if you can already pinpoint the code file where you suspect the bug or in the case of a crash to provide a backtrack analysis of the core dump. User patches fixing flaws are always welcome.