[Pkg-freeradius-maintainers] Bug#926958: Proposed security upload for FreeRADIUS
Salvatore Bonaccorso
carnil at debian.org
Wed Apr 24 20:23:16 BST 2019
Hi Berni,
On Wed, Apr 24, 2019 at 05:42:31PM +0200, Bernhard Schmidt wrote:
> Hi,
>
> I've gained access to the FreeRADIUS salsa repo and have pushed a new
> debian/stretch branch containing last years security upload and the
> cherry-picked fixes for #926958
>
> It applies and builds cleanly, I'm currently waiting for a colleague who
> runs our Radius proxies to test it.
Looking closer now again at the issue, if I understand correctly, the
module would not be enabled by default and to exploit the issue one
would actually as well need to have access to the authentication
server.
Unless I miss something in the picture, I would say this could be
fixed via the next point release for stretch, and does not warrant a
DSA on its own.
Do I miss something?
Regards,
Salvatore
More information about the Pkg-freeradius-maintainers
mailing list