Bug#694407: freeradius: CVE-2011-4966

2013-01-18 Thread Jonathan Wiltshire 
Package: freeradius

Dear maintainer,

Recently you fixed one or more security problems and as a result you closed
this bug. These problems were not serious enough for a Debian Security
Advisory, so they are now on my radar for fixing in the following suites
through point releases:

squeeze (6.0.7) - use target stable

Please prepare a minimal-changes upload targetting each of these suites,
and submit a debdiff to the Release Team [0] for consideration. They will
offer additional guidance or instruct you to upload your package.

I will happily assist you at any stage if the patch is straightforward and
you need help. Please keep me in CC at all times so I can
track [1] the progress of this request.

For details of this process and the rationale, please see the original
announcement [2] and my blog post [3].

0: debian-rele...@lists.debian.org
1: http://prsc.debian.net/tracker/694407/
2: 201101232332.11736.th...@debian.org
3: http://deb.li/prsc

Thanks,

with his security hat on:
--
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#694407: freeradius: CVE-2011-4966

2012-11-26 Thread Moritz Muehlenhoff 
Package: freeradius
Severity: grave
Tags: security
Justification: user security hole

Hi,
please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4966
for details and a link to the upstream fix.

Cheers,
Moritz


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#694407: freeradius: CVE-2011-4966

2012-11-26 Thread Josip Rodin 
On Mon, Nov 26, 2012 at 10:24:03AM +0100, Moritz Muehlenhoff wrote:
 please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4966
 for details and a link to the upstream fix.

AFAICT this is a year old, so apparently it's not really so important? :)
Do you think we should take the opportunity to upload the fix for #689419
to stable?

-- 
 2. That which causes joy or happiness.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org