Hello community,

here is the log from the commit of package freeradius-server for openSUSE:Factory checked in at 2017-07-19 11:22:21
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/freeradius-server (Old)
 and      /work/SRC/openSUSE:Factory/.freeradius-server.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "freeradius-server" Wed Jul 19 11:22:21 2017 rev:69 rq:511084 version:3.0.15 Changes: -------- --- /work/SRC/openSUSE:Factory/freeradius-server/freeradius-server.changes 2017-05-31 12:20:22.731007992 +0200 +++ /work/SRC/openSUSE:Factory/.freeradius-server.new/freeradius-server.changes 2017-07-19 12:22:08.638750224 +0200 @@ -1,0 +2,16 @@ +Mon Jul 17 13:46:41 UTC 2017 - [email protected] + +- update to 3.0.15 with security fixes for + issues found via fuzzing by Guido Vranken + https://freeradius.org/security/fuzzer-2017.html + * CVE-2017-10978: FR-GV-201 (v2,v3) Read / write overflow in make_secret() + * CVE-2017-10983: FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63 + * CVE-2017-10984: FR-GV-301 (v3) Write overflow in data2vp_wimax() + * CVE-2017-10985: FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes + * CVE-2017-10986: FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp() + * CVE-2017-10987: FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions() + * CVE-2017-10988: FR-GV-305 (v3) Decode 'signed' attributes correctly + * FR-AD-002 (v3) String lifetime issues in rlm_python + * FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare + +------------------------------------------------------------------- Old: ---- freeradius-server-3.0.14.tar.bz2 freeradius-server-3.0.14.tar.bz2.sig New: ---- freeradius-server-3.0.15.tar.bz2 freeradius-server-3.0.15.tar.bz2.sig ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ freeradius-server.spec ++++++ --- /var/tmp/diff_new_pack.aArnY1/_old 2017-07-19 12:22:09.266661619 +0200 +++ /var/tmp/diff_new_pack.aArnY1/_new 2017-07-19 12:22:09.270661054 +0200 
@@ -20,7 +20,7 @@ %define apxs2 apxs2-prefork %define apache2_sysconfdir %(%{_sbindir}/%{apxs2} -q SYSCONFDIR) Name: freeradius-server -Version: 3.0.14 +Version: 3.0.15 Release: 0 %if 0%{?suse_version} > 1140 ++++++ freeradius-server-3.0.14.tar.bz2 -> freeradius-server-3.0.15.tar.bz2 ++++++ ++++ 1947 lines of diff (skipped)
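Review bot: In the freeradius-server.changes hunk, the security entry jumps from FR-GV-201 straight to FR-GV-206 (CVE-2017-10978 to CVE-2017-10983) with no explanation. Every listed item is tagged v3 or v2,v3, so the gap presumably covers issues that do not affect the 3.0 branch; a short line saying so would keep anyone auditing this update against the linked fuzzer-2017 advisory from assuming fixes were missed. The entry also has no bug tracker reference next to the CVE ids, so consider adding one to tie the update to its tracking bug.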
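Review bot: In the freeradius-server.spec hunk, only the Version line changes, and the Old/New file list shows freeradius-server-3.0.15.tar.bz2.sig replacing the 3.0.14 signature, but nothing in the visible context shows that signature being checked against a packaged keyring. Because the 1947 lines of tarball diff are skipped and this is a security update, confirm that the spec lists a keyring source so the new tarball's signature is actually verified, or state in the request how the tarball was verified.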
