[Pkg-freeradius-maintainers] Bug#1076022: Backport some security settings from upstream 3.2.5 release to mitigate BlastRADIUS
Bastien Roucariès
rouca at debian.org
Fri Aug 9 10:47:14 BST 2024
On Friday, 9 August 2024, 09:29:44 UTC, Bernhard Schmidt wrote:
>
> >> Another story is bullseye, that one is affected as well but a backport
> >> there is even harder. For now I have marked it as well no-dsa in the
> >> security-tracker, but maybe it should be <ignored> with mentioning
> >> that backporting patches is too intrusive?
> >
> > Regarding the version in bullseye: upstream has kindly shared with me a
> > set of patches. I've pushed them to:
> > https://salsa.debian.org/debian/freeradius/-/tree/wip/debian/blastradius/bullseye.
> >
> > While they build, I haven't been able to test them (yet). The
> > autopkgtest job fails, but that is related to a bug in Salsa CI and
> > systemd when tmp.mount is masked.
> >
> > Bernhard, are you able to test them? I do not have any experience with
> > FreeRADIUS, so I could test them, but it would take me some time. Just
> > let me know if help is needed here.
>
> Cool, unfortunately I'm off to vacation tomorrow and I'm not sure how
> much I can do before. I'll be back on August 20th.
OK, not a problem.
>
> So, if I understood you correctly, the plan is to use Bastien's
and Santiago
> backported patches in
> https://salsa.debian.org/debian/freeradius/-/tree/wip/debian/blastradius/bullseye
> and update the version in bookworm to the current trixie version, both
> in a point release?
Yes, but time here is short; the last PU is at the end of August.
> I can test drive the bullseye version on one of our production servers
> after 20th, and I can certainly ask in the higher education group in
> Germany who can test either locally available .debs or better use
> -proposed uploads before the point release.
Fine, thanks.
The bookworm backport could go along ASAP. Risk is low here.
> Do we have a date for the next point release already?
Last day of August.
>
> Bernhard
>