Thanks, I'm trying out the patched version right now. -----Original Message----- From: Moritz Muehlenhoff [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 22, 2007 2:01 PM To: Rene Mayrhofer Cc: James Cameron; [EMAIL PROTECTED]; [EMAIL PROTECTED]; Josh Guilfoyle; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: pptpd 1.3.0 vulnerable to denial of service attack
On Tue, Jul 31, 2007 at 08:01:45PM +0100, Rene Mayrhofer wrote: > On Dienstag 24 April 2007, Moritz Muehlenhoff wrote: > > James Cameron wrote: > > > On Sun, Apr 22, 2007 at 10:40:18PM +0200, Moritz Muehlenhoff wrote: > > > > Do you have an isolated patch for this issue? I'll prepare a DSA. > > > > > > Here is one for 1.3.0. > > > > Thanks, I'll prepare a DSA. > It seems there is a severe problem with this patch: > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427825 > > A new security release will be necessary, I think. An updated package is available at http://people.debian.org/~jmm/pptp/ I don't use MPPE; I need positive testing feedback, before I release this. CCing bugreporters. Cheers, Moritz
