[Git][security-tracker-team/security-tracker][master] Mark CVE-2024-3596/freeradius (blastradius issue) as postponed in bullseye

[Santiago R.R. (@santiago)]

Santiago R.R. pushed to branch master at Debian Security Tracker / security-tracker


Commits:
082f6a2b by Santiago Ruano Rincón at 2025-06-12T14:01:33-03:00
Mark CVE-2024-3596/freeradius (blastradius issue) as postponed in bullseye

Not marking it as <ignored> since it is technically possible to backport
the patches. However, changes are known for breaking some existing
setups.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -99455,7 +99455,7 @@ CVE-2024-3603 (The OSM \u2013 OpenStreetMap plugin for WordPress is vulnerable t
 CVE-2024-3596 (RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a  ...)
 	- freeradius 3.2.5+dfsg-1
 	[bookworm] - freeradius <no-dsa> (Minor issue; can be fixed via point release rebasing to 3.2.5, cf. #1076022)
-	[bullseye] - freeradius <no-dsa> (Minor issue; intrusive to backport)
+	[bullseye] - freeradius <postponed> (Minor issue; intrusive to backport)
 	NOTE: https://www.blastradius.fail/
 	NOTE: https://kb.cert.org/vuls/id/456537
 	NOTE: https://www.openwall.com/lists/oss-security/2024/07/09/4



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/082f6a2b7eda96541af816f088ed28704f576c59

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/082f6a2b7eda96541af816f088ed28704f576c59
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250612/bf043c0e/attachment-0001.htm>