oss-sec mailing list archives
Re: CVE request: vulnerability in FreeRADIUS (OCSP)
From: Tim Zingelman <tez () netbsd org>
Date: Mon, 18 Jul 2011 22:44:13 -0500
On Mon, Jul 18, 2011 at 5:37 PM, Solar Designer <solar () openwall com> wrote:
dfncert () dfn-cert de wrote:We would be willing to provide the patch to all Linux distributors but we do not want to release the patch publicly and wait for the official patch by the packet maintainer of FreeRADIUS.For FreeRADIUS specifically, it sounds like non-Linux vendors could be interested as well. DFN-CERT did mention Linux distros specifically in the quote above, so the suggestion to use the list was appropriate, but perhaps requests from other distros shipping FreeRADIUS should be accommodated as well. If something like this arrived to the Linux distros list without prior discussion on oss-security, I would bring this up and suggest that we contact *BSD's at least. Since this is already on oss-security, I assume that interested *BSD's and others may ask DFN-CERT themselves. ;-)
NetBSD pkgsrc security team would be interested in the patch, as FreeRADIUS is included in pkgsrc. You could send to me, or to pkgsrc-security () netbsd org in either case the message could be encrypted using this key http://ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security () NetBSD org asc Thanks, - Tim
Current thread:
- CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 15)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Vincent Danen (Jul 15)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Ludwig Nussel (Jul 18)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Stefan Behte (Jul 18)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 18)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman (Jul 18)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 19)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tim Zingelman (Jul 19)
- *BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Solar Designer (Jul 19)
- Re: *BSD security contacts (was: CVE request: vulnerability in FreeRADIUS (OCSP)) Tim Zingelman (Jul 21)
- Re: *BSD security contacts Solar Designer (Jul 21)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 18)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Vincent Danen (Jul 15)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 19)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Tomas Hoger (Jul 19)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) dfncert (Jul 19)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Josh Bressers (Jul 20)
- Re: CVE request: vulnerability in FreeRADIUS (OCSP) Solar Designer (Jul 19)