Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: vulnerability in FreeRADIUS (OCSP)
From: Tim Zingelman <tez () netbsd org>
Date: Mon, 18 Jul 2011 22:44:13 -0500

On Mon, Jul 18, 2011 at 5:37 PM, Solar Designer <solar () openwall com> wrote:

dfncert () dfn-cert de wrote:
We would be willing to provide the patch to all Linux distributors
but we do not want to release the patch publicly and wait for the
official patch by the packet maintainer of FreeRADIUS.

For FreeRADIUS specifically, it sounds like non-Linux vendors could be
interested as well.  DFN-CERT did mention Linux distros specifically in
the quote above, so the suggestion to use the list was appropriate, but
perhaps requests from other distros shipping FreeRADIUS should be
accommodated as well.  If something like this arrived to the Linux
distros list without prior discussion on oss-security, I would bring
this up and suggest that we contact *BSD's at least.  Since this is
already on oss-security, I assume that interested *BSD's and others may
ask DFN-CERT themselves. ;-)

NetBSD pkgsrc security team would be interested in the patch, as
FreeRADIUS is included in pkgsrc.
You could send to me, or to pkgsrc-security () netbsd org in either case
the message could be encrypted using
this key  http://ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security () NetBSD org asc


- Tim

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]