On 27.05.21 11:18, Chris Lamb wrote:
Hi Sven,
there is a (very) minor security flaw in the radsecproxy package. I have prepared updated packages, available via https://mentors.debian.net/debian/pool/main/r/radsecproxy/radsecproxy_1.6.8-1+deb9u1.dsc for you.
Thanks for preparing a package and, at a quick glance, I would be happy to upload it. Just to 100% check though: you are not in a position to upload it, create and publish a DLA, update the website, etc.? (Just avoiding duplicate work.)
Hello Chris, No, I am just a sponsored uploader, not a DD or DM.As for the security issue: two example scripts were vulnerable but those are not installed into any bin-directory in Debian and only shipped in the examples/ directory in the documentation.
So the severity is very very low. Grüße, Sven.
OpenPGP_signature
Description: OpenPGP digital signature
