[Secure-testing-commits] r35103 - data/CVE

Salvatore Bonaccorso carnil at moszumanska.debian.org
Mon Jun 22 18:40:01 UTC 2015


Author: carnil
Date: 2015-06-22 18:40:01 +0000 (Mon, 22 Jun 2015)
New Revision: 35103

Modified:
   data/CVE/list
Log:
Mark freeradius issues as no-dsa

Rationale: The recommended configuration is to use self-signed CAs for
EAP-TLS methods. See raddb/certs/README

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2015-06-22 18:22:11 UTC (rev 35102)
+++ data/CVE/list	2015-06-22 18:40:01 UTC (rev 35103)
@@ -7,8 +7,11 @@
 	- libwmf <unfixed> (bug #784205)
 CVE-2015-4680 [insufficent CRL application]
 	- freeradius <unfixed>
+	[jessie] - freeradius <no-dsa> (Minor issue)
+	[wheezy] - freeradius <no-dsa> (Minor issue)
+	NOTE: Recommended configuration is to use self-signed CAs for EAP-TLS methods.
+	NOTE: See raddb/certs/README
 	NOTE: http://www.ocert.org/advisories/ocert-2015-008.html
-	TODO: check
 CVE-2015-4674
 	RESERVED
 CVE-2015-4673




More information about the Secure-testing-commits mailing list