[Git][security-tracker-team/security-tracker][master] Reserve DLA-4232-1 for freeradius
Abhijith PA (@abhijith)
abhijith at debian.org
Thu Jun 26 15:29:48 BST 2025
Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker
Commits:
49e60fc8 by Abhijith PA at 2025-06-26T19:59:31+05:30
Reserve DLA-4232-1 for freeradius
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -245470,19 +245470,16 @@ CVE-2022-41862 (In PostgreSQL, a modified, unauthenticated server can send an un
CVE-2022-41861 (A flaw was found in freeradius. A malicious RADIUS client or home serv ...)
{DLA-3342-1}
- freeradius 3.2.0+dfsg-1
- [bullseye] - freeradius <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0ec2b39d260e08e4c3464f6b95005821dc559c62 (release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on invalid abinary data")
CVE-2022-41860 (In freeradius, when an EAP-SIM supplicant sends an unknown SIM option, ...)
{DLA-3342-1}
- freeradius 3.2.0+dfsg-1
- [bullseye] - freeradius <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/f1cdbb33ec61c4a64a32e107d4d02f936051c708 (release_3_0_26)
NOTE: https://freeradius.org/security/ ("Crash on unknown option in EAP-SIM")
CVE-2022-41859 (In freeradius, the EAP-PWD function compute_password_element() leaks i ...)
{DLA-3342-1}
- freeradius 3.2.0+dfsg-1
- [bullseye] - freeradius <no-dsa> (Minor issue)
NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/9e5e8f2f912ad2da8ac6e176ac3a606333469937 (release_3_0_26)
CVE-2022-41858 (A flaw was found in the Linux kernel. A NULL pointer dereference may o ...)
- linux 5.17.6-1
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[26 Jun 2025] DLA-4232-1 freeradius - security update
+ {CVE-2022-41859 CVE-2022-41860 CVE-2022-41861}
+ [bullseye] - freeradius 3.0.21+dfsg-2.2+deb11u2
[26 Jun 2025] DLA-4231-1 firefox-esr - security update
{CVE-2025-6424 CVE-2025-6425 CVE-2025-6429 CVE-2025-6430}
[bullseye] - firefox-esr 128.12.0esr-1~deb11u1
=====================================
data/dla-needed.txt
=====================================
@@ -97,11 +97,6 @@ freeimage
NOTE: 20240922: Many postponed CVE.
NOTE: 20241202: still WIP (santiago)
--
-freeradius (abhijith)
- NOTE: 20250621: Added by coordinator (roberto)
- NOTE: 20250625: CVE-2024-3596 is not actionable (for the moment, at least), but the other CVEs
- NOTE: 20250625: (which have been fixed in older releases) should be fixed to avoid upgrade regression. (roberto)
---
gimp (Adrian Bunk)
NOTE: 20250410: Added by Front-Desk (Beuc)
NOTE: 20250410: CVE-2025-2760 may need a custom patch as upstream now focuses on gimp3,
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49e60fc8aab1ab88d832f1a05cd4047c03a2b0ae
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/49e60fc8aab1ab88d832f1a05cd4047c03a2b0ae
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250626/0fbbfa92/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list