Commit 8b68b2ea51 for strongswan.org

commit 8b68b2ea51f572491f0190b348d5cbcaaddd4284
Author: Tobias Brunner <tobias@strongswan.org>
Date:   Thu Apr 16 18:34:24 2026 +0200

    NEWS: Add news for 6.0.6 and info about CVEs (CVE-2026-35328..35334)

diff --git a/NEWS b/NEWS
index 28a6af5626..7ac07d4570 100644
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,38 @@
+strongswan-6.0.6
+----------------
+
+- CVE-2026-35328 - Fixed a vulnerability in libtls related to the processing of
+  the supported_versions extension in TLS that can result in an infinite loop.
+
+- CVE-2026-35329 - Fixed a vulnerability in libstrongswan and the pkcs7 plugin
+  related to the processing of encrypted PKCS#7 containers that can result in
+  a crash.
+
+- CVE-2026-35330 - Fixed a vulnerability in in libsimaka related to the
+  processing of certain EAP-SIM/AKA attributes that can result in an infinite
+  loop or a heap-based buffer overflow and potentially remote code execution.
+
+- CVE-2026-35331 - Fixed a vulnerability in the constraints plugin related to
+  the processing of X.509 name constraints that can allow authentication with
+  certificates that violate the constraints.
+
+- CVE-2026-35332 - Fixed a vulnerability in libtls related to the processing of
+  ECDH public values in TLS < 1.3 that can result in a crash.
+
+- CVE-2026-35333 - Fixed a vulnerability in libradius related to the processing
+  of RADIUS attributes that can result in an infinite loop or an out-of-bounds
+  read that may cause a crash.
+
+- CVE-2026-35334 - Fixed a vulnerability in the gmp plugin related to RSA
+  decryption that can result in a crash.
+
+- Made the Botan RNG types used/provided by the botan plugin configurable.
+
+- The fix for the vulnerability in the constraints plugin now causes all
+  certificates that contain excluded name constraints of type directoryName (DN)
+  to get rejected.
+
+
 strongswan-6.0.5
 ----------------