[Pkg-freeradius-maintainers] Bug#1076022: Backport some security settings from upstream 3.2.5 release to mitigate BlastRADIUS
Bernhard Schmidt
berni at debian.org
Fri Aug 9 10:29:44 BST 2024
>> Another story is bullseye, that one is affected as well but a backport
>> there is even harder. For now I have marked it as well no-dsa in the
>> security-tracker, but maybe it should be <ignored> with mentioning
>> that backporting patches is too intrusive?
>
> Regarding the version in bullseye: upstream has kindly shared with me a
> set of patches. I've pushed them to:
> https://salsa.debian.org/debian/freeradius/-/tree/wip/debian/blastradius/bullseye.
>
> While they build, I haven't been able to test them (yet). The
> autopkgtest job fails, but that is related to a bug in Salsa CI and
> systemd when tmp.mount is masked.
>
> Bernhard, are you able to test them? I do not have any experience with
> FreeRADIUS, so I could test them, but it would take me some time. Just
> let me know if help is needed here.

Cool, unfortunately I'm off to vacation tomorrow and I'm not sure how
much I can do before. I'll be back on August 20th.

So, if I understood you correctly, the plan is to use Bastien's
backported patches in
https://salsa.debian.org/debian/freeradius/-/tree/wip/debian/blastradius/bullseye
and update the version in bookworm to the current trixie version, both
in a point release?

I can test drive the bullseye version on one of our production servers
after the 20th, and I can certainly ask in the higher education group in
Germany who can test either locally available .debs or better use
-proposed uploads before the point release.

Do we have a date for the next point release already?

Bernhard