Bug#742820: marked as done (freeradius: CVE-2014-2015)

Mon, 17 Nov 2014 10:58:35 -0800 

Your message dated Mon, 17 Nov 2014 19:53:48 +0100
with message-id <[email protected]>
and subject line Re: Bug#742820: freeradius: CVE-2014-2015
has caused the Debian Bug report #742820,
regarding freeradius: CVE-2014-2015
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
742820: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742820
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: freeradius
Version: 2.1.10+dfsg-2
Severity: normal
Tags: security upstream

Hi,

the following vulnerability was published for freeradius.

CVE-2014-2015[0]:
denial of service in rlm_pap hash processing

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

See also [1] and [2] for a patch.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2015
    https://security-tracker.debian.org/tracker/CVE-2014-2015
[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2015
[2] https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Version: 2.2.5+dfsg-0.1

On Thu, Mar 27, 2014 at 03:54:48PM -0400, Sam Hartman wrote:
> >>>>> "Salvatore" == Salvatore Bonaccorso <[email protected]> writes:
> 
>     Salvatore> Hi,
> 
>     Salvatore> the following vulnerability was published for freeradius.
> 
>     Salvatore> CVE-2014-2015[0]: denial of service in rlm_pap hash
>     Salvatore> processing
> 
> thanks.
> I don't think this is worth a DSA for wheezy.
> elI'm looking into packaging 3.x.  I'll definitely make sure we have
> fixes there and if it's taking a while may upload another NMU for 2.x.

https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a
was included in the new upstream release uploaded as 2.2.5+dfsg-0.1., 
so I'm closing the bug.

Cheers,
        Moritz

--- End Message ---

Reply via email to