Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 18 Jul 2011 22:44:13 -0500
From: Tim Zingelman <>
Subject: Re: CVE request: vulnerability in FreeRADIUS (OCSP)

On Mon, Jul 18, 2011 at 5:37 PM, Solar Designer <> wrote:
> wrote:
>> > We would be willing to provide the patch to all Linux distributors
>> > but we do not want to release the patch publicly and wait for the
>> > official patch by the packet maintainer of FreeRADIUS.
> For FreeRADIUS specifically, it sounds like non-Linux vendors could be
> interested as well.  DFN-CERT did mention Linux distros specifically in
> the quote above, so the suggestion to use the list was appropriate, but
> perhaps requests from other distros shipping FreeRADIUS should be
> accommodated as well.  If something like this arrived to the Linux
> distros list without prior discussion on oss-security, I would bring
> this up and suggest that we contact *BSD's at least.  Since this is
> already on oss-security, I assume that interested *BSD's and others may
> ask DFN-CERT themselves. ;-)

NetBSD pkgsrc security team would be interested in the patch, as
FreeRADIUS is included in pkgsrc.
You could send to me, or to in either case
the message could be encrypted using
this key


- Tim

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.