libreswan - Debian Package Tracker
general
source: libreswan (main)
version: 5.2-2.4
maintainer: Daniel Kahn Gillmor
uploaders: Ondřej Surý, Paul Wouters
arch: any
std-ver: 4.7.1
VCS: Git
versions
[more versions can be listed by madison]
[old versions available from snapshot.debian.org]
[pool directory]
o-o-stable: 4.3-1+deb11u4
o-o-sec: 4.3-1+deb11u3
oldstable: 4.10-2+deb12u1
stable: 5.2-2.2
testing: 5.2-2.4
unstable: 5.2-2.4
versioned links
4.3-1+deb11u3:
[.dsc, use dget on this link to retrieve source package]
[changelog]
[copyright]
[rules]
[control]
4.3-1+deb11u4:
[.dsc, use dget on this link to retrieve source package]
[changelog]
[copyright]
[rules]
[control]
4.10-2+deb12u1:
[.dsc, use dget on this link to retrieve source package]
[changelog]
[copyright]
[rules]
[control]
5.2-2.2:
[.dsc, use dget on this link to retrieve source package]
[changelog]
[copyright]
[rules]
[control]
5.2-2.4:
[.dsc, use dget on this link to retrieve source package]
[changelog]
[copyright]
[rules]
[control]
binaries
libreswan
5 bugs
action needed
Marked for autoremoval on 28 May due to ldns #1133760
high
Version 5.2-2.4 of libreswan is marked for autoremoval from testing on Thu 28 May 2026.
It depends (transitively) on ldns, affected by #1133760.
You should try to prevent the removal by fixing these RC bugs.
Created: 2026-04-21
Last update: 2026-04-24 13:30
A new upstream version is available: 5.3
high
A new upstream version 5.3 is available, you should consider packaging it.
Created: 2025-12-17
Last update: 2026-04-24 08:02
The VCS repository is not up to date, push the missing commits.
high
vcswatch reports that the current version of the package is not in its VCS.
Either you need to push your commits and/or your tags, or the information about the package's VCS is out of date. A common cause of the latter issue when using the Git VCS is not specifying the correct branch when the packaging is not in the default one (remote HEAD branch, which is usually "master" but can be modified in salsa.debian.org in the project's general settings with the "Default Branch" field). Alternatively the Vcs-Git field in debian/control can contain a "-b <branch-name>" suffix to indicate what branch is used for the Debian packaging.
Created: 2025-05-10
Last update: 2026-04-22 05:00
5 security issues in bookworm
high
There are 5 open security issues in bookworm.
4 important issues:
CVE-2024-3652

The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.
CVE-2023-38711

An issue was discovered in Libreswan before 4.12. When an IKEv1 Quick Mode connection configured with ID_IPV4_ADDR or ID_IPV6_ADDR receives an IDcr payload with ID_FQDN, a NULL pointer dereference causes a crash and restart of the pluto daemon. NOTE: the earliest affected version is 4.6.
CVE-2023-38712

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
1 issue left for the package maintainer to handle:
CVE-2024-2357 (needs triaging)
The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.
You can find information about how to handle this issue in the security team's documentation.
Created: 2023-08-17
Last update: 2026-01-28 23:14
4 security issues in buster
high
There are 4 open security issues in buster.
4 important issues:
CVE-2024-2357

The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.
CVE-2024-3652

The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected.
CVE-2023-38710

An issue was discovered in Libreswan before 4.12. When an IKEv2 Child SA REKEY packet contains an invalid IPsec protocol ID number of 0 or 1, an error notify INVALID_SPI is sent back. The notify payload's protocol ID is copied from the incoming packet, but the code that verifies outgoing packets fails an assertion that the protocol ID must be ESP (2) or AH(3) and causes the pluto daemon to crash and restart. NOTE: the earliest affected version is 3.20.
CVE-2023-38712

An issue was discovered in Libreswan 3.x and 4.x before 4.12. When an IKEv1 ISAKMP SA Informational Exchange packet contains a Delete/Notify payload followed by further Notifies that act on the ISAKMP SA, such as a duplicated Delete/Notify message, a NULL pointer dereference on the deleted state causes the pluto daemon to crash and restart.
Created: 2023-08-17
Last update: 2024-06-09 21:00
1 bug tagged help in the BTS
normal
The BTS contains 1 bug tagged help, please consider helping the maintainer in dealing with it.
Created: 2019-03-21
Last update: 2026-04-24 12:30
2 bugs tagged patch in the BTS
normal
The BTS contains patches fixing 2 bugs, consider including or untagging them.
Created: 2026-04-06
Last update: 2026-04-24 12:30
lintian reports 3 warnings
normal
Lintian reports 3 warnings about this package. You should make the package lintian clean by getting rid of them.
Created: 2026-01-24
Last update: 2026-02-28 11:00
debian/patches: 2 patches to forward upstream
low
Among the 4 debian patches available in version 5.2-2.4 of the package, we noticed the following issues:
2 patches where the metadata indicates that the patch has not yet been forwarded upstream. You should either forward the patch upstream or update the metadata to document its real status.
Created: 2023-02-26
Last update: 2026-01-24 19:01
Standards version of the package is outdated.
wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.7.4 instead of 4.7.1).
Created: 2025-02-27
Last update: 2026-03-31 15:01
news
[rss feed]
2026-01-29
libreswan 5.2-2.4 MIGRATED to testing
Debian testing watch
2026-01-24
Accepted libreswan 5.2-2.4 (source) into unstable
Adrian Bunk
2025-12-17
Accepted libreswan 5.2-2.3 (source) into unstable
Adrian Bunk
2025-05-30
libreswan 5.2-2.2 MIGRATED to testing
Debian testing watch
2025-05-09
Accepted libreswan 5.2-2.2 (source) into unstable
Chris Hofstaedtler (signed by: Christian Hofstaedtler)
2025-03-28
libreswan 5.2-2.1 MIGRATED to testing
Debian testing watch
2025-03-26
Accepted libreswan 5.2-2.1 (source) into unstable
Michael Biebl
2025-03-08
libreswan 5.2-2 MIGRATED to testing
Debian testing watch
2025-03-04
Accepted libreswan 5.2-2 (source) into unstable
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2025-03-02
libreswan 4.15-1 MIGRATED to testing
Debian testing watch
2025-02-27
Accepted libreswan 5.2-1 (source) into experimental
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2025-02-27
Accepted libreswan 4.15-1 (source) into unstable
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2024-10-05
libreswan 4.14-1.1 MIGRATED to testing
Debian testing watch
2024-09-25
Accepted libreswan 4.14-1.1 (source) into unstable
Michael Biebl
2024-08-24
libreswan REMOVED from testing
Debian testing watch
2024-05-04
libreswan 4.14-1 MIGRATED to testing
Debian testing watch
2024-03-14
Accepted libreswan 5.0~rc2-2 (source) into experimental
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2024-03-12
Accepted libreswan 4.14-1 (source) into unstable
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2024-03-12
Accepted libreswan 5.0~rc2-1 (source) into experimental
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2024-03-12
Accepted libreswan 4.12-3 (source) into unstable
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2024-03-12
Accepted libreswan 4.12-2 (source) into unstable
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2024-02-16
libreswan REMOVED from testing
Debian testing watch
2023-08-13
libreswan 4.12-1 MIGRATED to testing
Debian testing watch
2023-08-10
Accepted libreswan 4.12-1 (source) into unstable
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2023-06-16
Accepted libreswan 4.3-1+deb11u4 (source) into oldstable-proposed-updates
Debian FTP Masters (signed by: dkg@debian.org)
2023-06-13
libreswan 4.11-1 MIGRATED to testing
Debian testing watch
2023-06-02
Accepted libreswan 4.10-2+deb12u1 (source) into testing-proposed-updates
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2023-06-02
Accepted libreswan 4.11-1 (source) into unstable
Daniel Kahn Gillmor (signed by: dkg@debian.org)
2023-03-31
libreswan 4.10-2 MIGRATED to testing
Debian testing watch
2023-03-10
Accepted libreswan 4.10-2 (source) into unstable
Daniel Kahn Gillmor (signed by: dkg@debian.org)
bugs
[bug history graph]
all:
RC:
I&N:
M&W:
F&P:
patch:
help:
links
homepage
lintian
buildd:
logs
reproducibility
cross
popcon
browse source code
other distros
security tracker
debian patches
debci
ubuntu
[Information about Ubuntu for Debian Developers]
version:
5.2-2.2ubuntu2
4 bugs
patches for 5.2-2.2ubuntu2