[Git][security-tracker-team/security-tracker][master] Reserve DLA-3342-1 for freeradius
Markus Koschany (@apo)
apo at debian.org
Fri Feb 24 16:16:45 GMT 2023
Markus Koschany pushed to branch master at Debian Security Tracker / security-tracker
Commits:
9b068ca8 by Markus Koschany at 2023-02-24T17:16:33+01:00
Reserve DLA-3342-1 for freeradius
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -34641,13 +34641,11 @@ CVE-2022-41862
CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or home serv ...)
- freeradius 3.2.0+dfsg-1
[bullseye] - freeradius <no-dsa> (Minor issue)
- [buster] - freeradius <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 (release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, ...)
- freeradius 3.2.0+dfsg-1
[bullseye] - freeradius <no-dsa> (Minor issue)
- [buster] - freeradius <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 (release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on unknown option in EAP-SIM")
CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() leaks i ...)
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[24 Feb 2023] DLA-3342-1 freeradius - security update
+ {CVE-2022-41859 CVE-2022-41860 CVE-2022-41861}
+ [buster] - freeradius 3.0.17+dfsg-1.1+deb10u2
[24 Feb 2023] DLA-3341-1 curl - security update
{CVE-2023-23916}
[buster] - curl 7.64.0-4+deb10u5
=====================================
data/dla-needed.txt
=====================================
@@ -54,10 +54,6 @@ firmware-nonfree
NOTE: 20221211: Programming language: Binary blob
NOTE: 20221211: VCS: https://salsa.debian.org/lts-team/packages/firmware-nonfree.git
--
-freeradius (Markus Koschany)
- NOTE: 20230219: Programming language: C.
- NOTE: 20230219: VCS: https://salsa.debian.org/lts-team/packages/freeradius.git
---
fusiondirectory
NOTE: 20221203: Programming language: PHP.
NOTE: 20221203: Please evaluate, whether the package can be fixed (gladk).
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b068ca8eaf9b4a7213248d3fb9a1706ae1f2c57
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/9b068ca8eaf9b4a7213248d3fb9a1706ae1f2c57
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20230224/fd288c6d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list