[Pkg-freeradius-maintainers] Bug#863673: Bug#863673: CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass

Michael Stapelberg stapelberg at debian.org
Tue May 30 06:29:06 UTC 2017


control: owner -1 !

I prepared a patch for this issue and emailed the FreeRADIUS security team
asking for review. I’ll upload the patch once they confirm its
effectiveness.

On Mon, May 29, 2017 at 11:16 PM, Guido Günther <agx at sigxcpu.org> wrote:

> Package: freeradius
> Version: 3.0.12+dfsg-4
> severity: grave
>
> Hi,
>
> the following vulnerability was published for freeradius.
>
> CVE-2017-9148[0]: FreeRADIUS TLS resumption authentication bypass
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-9148
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9148
>
> Please adjust the affected versions in the BTS as needed.
> Cheers,
>  -- Guido



-- 
Best regards,
Michael