Thanks for your work on this! I always just run the autopkgtest and a basic startup test with the default installation.
On Wed, May 31, 2017 at 7:27 PM, Emilio Pozuelo Monfort <[email protected]> wrote:
> Hi,
>
> I have prepared an update for freeradius. The changelog is:
>
> freeradius (2.1.12+dfsg-1.2+deb7u1) wheezy-security; urgency=medium
>
>   * Non-maintainer upload by the LTS team.
>   * CVE-2014-2015: Stack-based buffer overflow in the normify
>     function in the rlm_pap module.
>     CVE-2015-4680: Properly check revocation of intermediate CA
>     certificates. For this to happen, the check_all_crl option of the
>     EAP TLS section needs to be enabled in eap.conf.
>     CVE-2017-9148: Disable TLS session cache, since it fails to prevent
>     resumption of unauthenticated sessions, allowing remote attackers
>     (such as malicious 802.1X supplicants) to bypass authentication via
>     PEAP or TTLS without sending valid credentials.
>
>  -- Emilio Pozuelo Monfort <[email protected]>  Wed, 31 May 2017 18:31:47 +0200
>
> Packages are available for amd64 from [1]. Source and debdiff are also
> included.
>
> [1] https://people.debian.org/~pochu/lts/freeradius/
>
> I have done some basic testing. Some extra testing in more advanced setups
> would be appreciated.
>
> Note that the fix for CVE-2015-4680 doesn't include the template changes
> to the conffile, to avoid unnecessary prompts and as not everyone needs to
> enable this option. This will be explained in the advisory.
>
> I will upload freeradius in the next few days if there is no feedback.
>
> Thanks,
> Emilio
>
> _______________________________________________
> Pkg-freeradius-maintainers mailing list
> [email protected]
> https://lists.alioth.debian.org/mailman/listinfo/pkg-freeradius-maintainers

--
Best regards,
Michael
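For readers who want to test the CVE-2015-4680 part of this update in a "more advanced setup", the following is an added illustration of where the quoted changelog's check_all_crl option sits in a FreeRADIUS 2.x eap.conf; it is not part of the thread or of the Debian package. The surrounding option names (check_crl, ca_path, the cache subsection) and the file layout are assumptions based on the stock 2.x eap.conf template, and the CRL directory path is a placeholder; only check_all_crl itself is taken from the changelog.

```conf
eap {
        default_eap_type = peap

        tls {
                certificate_file = ${certdir}/server.pem
                private_key_file = ${certdir}/server.key
                CA_file = ${cadir}/ca.pem

                # Revocation checking of the peer's certificate chain.
                # check_crl only covers the leaf certificate; the option named
                # in the changelog, check_all_crl, makes the server also check
                # the revocation status of intermediate CA certificates.
                # The update leaves this off by default (no conffile prompt),
                # so enable it explicitly if you rely on intermediate CAs.
                check_crl = yes
                check_all_crl = yes
                # ca_path must hold the CRLs (hashed, as produced by c_rehash);
                # directory below is a placeholder.
                ca_path = /etc/freeradius/certs/crl-placeholder

                # TLS session cache. The CVE-2017-9148 fix disables the cache
                # in the package; keeping it disabled here documents that
                # intent in the configuration as well.
                cache {
                        enable = no
                }
        }

        ttls {
                default_eap_type = md5
                copy_request_to_tunnel = yes
                use_tunneled_reply = yes
        }

        peap {
                default_eap_type = mschapv2
                copy_request_to_tunnel = yes
                use_tunneled_reply = yes
        }
}
```

A practical check after installing the update: run the server in debug mode (freeradius -X) and drive an EAP-TLS authentication with a client certificate issued by a revoked intermediate CA; with check_all_crl enabled the handshake should be rejected, and with it disabled it will still be accepted, which is exactly the behaviour the advisory note about the conffile describes.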
