[Pkg-freeradius-maintainers] Bug#863673: Bug#863673: CVE-2017-9148: FreeRADIUS TLS resumption authentication bypass
stapelberg at debian.org
Thu Jun 1 21:09:17 UTC 2017
Thanks, I agree that updating the FAQ would be good.
The original question of how to proceed still stands. I sent the patch in
my previous message; do you want me to upload it, or do you want to upload
it? If I should do it, let me state for the record that I have no idea what
I’m doing (I never uploaded to anything but unstable/experimental).
On Thu, Jun 1, 2017 at 9:34 AM, Salvatore Bonaccorso <carnil at debian.org>
> On Thu, Jun 01, 2017 at 08:54:57AM +0200, Michael Stapelberg wrote:
> > I got the idea from https://www.debian.org/security/faq#upload. Is the
> > outdated, or did I read it wrong? If the latter, please elaborate so that
> > we can update the docs to be more clear.
> The idea behind that FAQ entry is to state that an upload should never
> be done without first having an ack from the security team. The
> dev-ref gives a broather view on how to handle security-issues, and
> interact with the team:
> Maybe we should rephrase a bit the FAQ entry itself.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pkg-freeradius-maintainers