Thanks! I will let the port manager know. > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED]] On Behalf Of > Alan DeKok > Sent: Tuesday, February 19, 2002 12:37 PM > To: [EMAIL PROTECTED] > Subject: Re: FreeRadius Security hole > > > "Scott Pell" <[EMAIL PROTECTED]>wrote: > > I am trying to load up the latest snapshot of FreeRadius, > but I have > > been warned by FreeBSD developers to not run the released version > > because of the remotely exploitable buffer overflow security hole. > > Yeah, the latest CVS snapshot should be OK. The fix was done in > November: > http://www.freeradius.org/cvs-log/2001/2001-11-30.09:00:00.html > Is there a patch that covers this? If so, we can get guys to take the
> security hold off of the port. If not, is there a timeframe to fix? It's fixed in the latest CVS snapshot. We haven't released another version yet. Hmm... we should probably release another version soon. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.324 / Virus Database: 181 - Release Date: 2/14/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.324 / Virus Database: 181 - Release Date: 2/14/2002 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html