[Pkg-freeradius-maintainers] Bug#863673: Bug#863673: CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass

Salvatore Bonaccorso carnil at debian.org
Thu Jun 1 07:34:44 UTC 2017


On Thu, Jun 01, 2017 at 08:54:57AM +0200, Michael Stapelberg wrote:
> I got the idea from https://www.debian.org/security/faq#upload. Is the FAQ
> outdated, or did I read it wrong? If the latter, please elaborate so that
> we can update the docs to be more clear.

The idea behind that FAQ entry is to state that an upload should never
be done without first having an ack from the security team. The
dev-ref gives a broather view on how to handle security-issues, and
interact with the team:


Maybe we should rephrase a bit the FAQ entry itself.


More information about the Pkg-freeradius-maintainers mailing list