[Secure-testing-commits] r35103 - data/CVE
Salvatore Bonaccorso
carnil at moszumanska.debian.org
Mon Jun 22 18:40:01 UTC 2015
Author: carnil
Date: 2015-06-22 18:40:01 +0000 (Mon, 22 Jun 2015)
New Revision: 35103
Modified:
data/CVE/list
Log:
Mark freeradius issues as no-dsa
Rationale: The recommended configuration is to use self-signed CAs for
EAP-TLS methods. See raddb/certs/README
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2015-06-22 18:22:11 UTC (rev 35102)
+++ data/CVE/list 2015-06-22 18:40:01 UTC (rev 35103)
@@ -7,8 +7,11 @@
- libwmf <unfixed> (bug #784205)
CVE-2015-4680 [insufficent CRL application]
- freeradius <unfixed>
+ [jessie] - freeradius <no-dsa> (Minor issue)
+ [wheezy] - freeradius <no-dsa> (Minor issue)
+ NOTE: Recommended configuration is to use self-signed CAs for EAP-TLS methods.
+ NOTE: See raddb/certs/README
NOTE: http://www.ocert.org/advisories/ocert-2015-008.html
- TODO: check
CVE-2015-4674
RESERVED
CVE-2015-4673
More information about the Secure-testing-commits
mailing list