Date: Mon, 18 Jul 2011 22:44:13 -0500 From: Tim Zingelman <tez@...bsd.org> To: dfncert@...-cert.de Cc: oss-security@...ts.openwall.com Subject: Re: CVE request: vulnerability in FreeRADIUS (OCSP) On Mon, Jul 18, 2011 at 5:37 PM, Solar Designer <solar@...nwall.com> wrote: > > dfncert@...-cert.de wrote: >> > We would be willing to provide the patch to all Linux distributors >> > but we do not want to release the patch publicly and wait for the >> > official patch by the packet maintainer of FreeRADIUS. > > For FreeRADIUS specifically, it sounds like non-Linux vendors could be > interested as well. DFN-CERT did mention Linux distros specifically in > the quote above, so the suggestion to use the list was appropriate, but > perhaps requests from other distros shipping FreeRADIUS should be > accommodated as well. If something like this arrived to the Linux > distros list without prior discussion on oss-security, I would bring > this up and suggest that we contact *BSD's at least. Since this is > already on oss-security, I assume that interested *BSD's and others may > ask DFN-CERT themselves. ;-) > NetBSD pkgsrc security team would be interested in the patch, as FreeRADIUS is included in pkgsrc. You could send to me, or to pkgsrc-security@...bsd.org in either case the message could be encrypted using this key http://ftp.netbsd.org/pub/NetBSD/security/PGP/pkgsrc-security@NetBSD.org.asc Thanks, - Tim
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.