control: owner -1 ! I prepared a patch for this issue and emailed the FreeRADIUS security team asking for review. I’ll upload the patch once they confirm its effectiveness.
On Mon, May 29, 2017 at 11:16 PM, Guido Günther <a...@sigxcpu.org> wrote: > Package: freeradius > Version: 3.0.12+dfsg-4 > severity: grave > > Hi, > > the following vulnerability was published for freeradius. > > CVE-2017-9148[0]: FreeRADIUS TLS resumption authentication bypass > > If you fix the vulnerability please also make sure to include the > CVE (Common Vulnerabilities & Exposures) id in your changelog entry. > > For further information see: > > [0] https://security-tracker.debian.org/tracker/CVE-2017-9148 > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9148 > > Please adjust the affected versions in the BTS as needed. > Cheers, > -- Guido > > _______________________________________________ > Pkg-freeradius-maintainers mailing list > pkg-freeradius-maintain...@lists.alioth.debian.org > https://lists.alioth.debian.org/mailman/listinfo/pkg- > freeradius-maintainers > -- Best regards, Michael
