This one time, at band camp, Steve Langasek said:
> On Fri, Apr 07, 2006 at 10:47:44AM +0100, Stephen Gran wrote:
> 
> > I generally don't like to NMU new upstream versions, but I see no
> > activity on a security bug in a couple of weeks, so I thought I
> > would ask.
> 
> Please don't upload until the current version has reached testing.
> freeradius is among the many packages currently tied into the
> libmysqlclient ABI transition, which is a monster to manage -- getting
> 200 packages unblocked and into etch needs to take precedence over one
> RC bug, security or otherwise.

No problem - quite understood.  I guess I added this one to your plate
in the first place with my last NMU - sorry about that.

> FWIW, I'm not convinced this bug warrants grave severity anyway;
> unless the crasher bug allows arbitrary code execution as well, it
> doesn't seem like this is really a big issue given that the radius
> clients shouldn't normally be under the control of an attacker?

Hmm.  I read it to mean that clients could force auth bypass and
potentially crash the server, as in any client, not just another radius
client.  If you are correct, then it is not that big a deal.
-- 
 -----------------------------------------------------------------
|   ,''`.                                            Stephen Gran |
|  : :' :                                        [EMAIL PROTECTED] |
|  `. `'                        Debian user, admin, and developer |
|    `-                                     http://www.debian.org |
 -----------------------------------------------------------------
