[Pkg-freeradius-maintainers] Bug#880913: Bug#880913: correct receiving of multiple RADIUS packets through RadSec
stapelberg at debian.org
Wed Jan 3 08:11:35 UTC 2018
Sorry for the late reply. See inline:
On Sun, Nov 5, 2017 at 4:41 PM, Jan Tomasek <jan at tomasek.cz> wrote:
> Package: freeradius
> Version: 3.0.12+dfsg-5
> Severity: important
> Tags: patch
> freeRADIUS v3 does have implementation bug. It isn't able to read more
> than one packet from incoming TLS (RadSec) connection. The bug shows more
> likely on large deployments and is able to make server completely useless.
> That is why I'm setting Severity to important.
> More detailed technical info is available here:
> The attached patch is tested against official freeRAIDUS releases 3.0.12,
> 3.0.14, 3.0.15 and against Debian package freeradius_3.0.12+dfsg-5 it fixes
> the problem and causes no harm.
> Please is it possible to propagate this into Debian/Stretch?
Pushing code directly to Debian stretch is too risky. Let’s wait until the
change made it to Debian testing, which most naturally would happen with a
new upstream release (3.0.16?).
Once that happened, please ping this bug and we can look into preparing an
update to stretch.
> Jan Tomasek aka Semik
> Pkg-freeradius-maintainers mailing list
> Pkg-freeradius-maintainers at lists.alioth.debian.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Pkg-freeradius-maintainers