[Pkg-freeradius-maintainers] Bug#863673: Bug#863673: CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass
stapelberg at debian.org
Tue May 30 15:50:20 UTC 2017
Upstream confirmed that my patch fixes the issue, so I uploaded it to
security-team, can you take care of applying the patch to stable and
oldstable please? Thank you.
On Tue, May 30, 2017 at 8:29 AM, Michael Stapelberg <stapelberg at debian.org>
> control: owner -1 !
> I prepared a patch for this issue and emailed the FreeRADIUS security team
> asking for review. I’ll upload the patch once they confirm its
> On Mon, May 29, 2017 at 11:16 PM, Guido Günther <agx at sigxcpu.org> wrote:
>> Package: freeradius
>> Version: 3.0.12+dfsg-4
>> severity: grave
>> the following vulnerability was published for freeradius.
>> CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass
>> If you fix the vulnerability please also make sure to include the
>> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>> For further information see:
>>  https://security-tracker.debian.org/tracker/CVE-2017-9148
>> Please adjust the affected versions in the BTS as needed.
>> -- Guido
>> Pkg-freeradius-maintainers mailing list
>> Pkg-freeradius-maintainers at lists.alioth.debian.org
> Best regards,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pkg-freeradius-maintainers