Date: Tue, 19 Jul 2011 02:37:46 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: dfncert@...-cert.de
Subject: Re: CVE request: vulnerability in FreeRADIUS (OCSP)

Hi,

We have almost 800 subscribers on oss-security, but DFN-CERT doesn't appear to be subscribed - so I've re-added the CC on this reply, and I'll over-quote a little.

dfncert@...-cert.de wrote:
> > We would be willing to provide the patch to all Linux distributors
> > but we do not want to release the patch publicly and wait for the
> > official patch by the packet maintainer of FreeRADIUS.

On Tue, Jul 19, 2011 at 12:06:15AM +0200, Stefan Behte wrote:
> Then posting it to the new vendor-sec (linux-distros@...openwall.org)
> sounds like the right thing to do.

This is not exactly the new vendor-sec. As the name suggests, it is a Linux distros only list.

Also, please note that the maximum acceptable embargo period on this list is 14 days. We need to communicate this detail to whoever we're asking to disclose anything to the list, before they disclose.

When posting to the list, you may encrypt messages to the attached key.

For FreeRADIUS specifically, it sounds like non-Linux vendors could be interested as well. DFN-CERT did mention Linux distros specifically in the quote above, so the suggestion to use the list was appropriate, but perhaps requests from other distros shipping FreeRADIUS should be accommodated as well. If something like this arrived to the Linux distros list without prior discussion on oss-security, I would bring this up and suggest that we contact *BSD's at least. Since this is already on oss-security, I assume that interested *BSD's and others may ask DFN-CERT themselves. ;-)

> Gentoo complies to your requirements
> and would like to get the patch directly, if you do not plan to send it
> there.

Alexander

View attachment "linux-distros.asc" of type "text/plain" (1858 bytes)