Date: Wed, 31 May 2017 06:00:51 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 219662] net/freeradius{2,3}: Update to 3.0.14 (CVE-2017-9148 FreeRADIUS TLS resumption authentication bypass)
Message-ID: <bug-219662-13-p1WgbcCeRH@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-219662-13@https.bugs.freebsd.org/bugzilla/>
References: <bug-219662-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219662 Kubilay Kocak <koobs@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ports-secteam@FreeBSD.org, | |zi@FreeBSD.org Assignee|freebsd-ports-bugs@FreeBSD. |zi@FreeBSD.org |org | Status|New |Open Keywords| |needs-patch, needs-qa, | |security Priority|--- |Normal Summary|net/freeradius: |net/freeradius{2,3}: Update |CVE-2017-9148 FreeRADIUS |to 3.0.14 (CVE-2017-9148 |TLS resumption |FreeRADIUS TLS resumption |authentication bypass |authentication bypass) Flags| |maintainer-feedback?(zi@Fre | |eBSD.org), merge-quarterly? URL| |http://seclists.org/oss-sec | |/2017/q2/342 --- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> --- net/freeradius has been deleted, assuming this is for net/freeradius3. Assi= gn to maintainer accordingly. It appears net/freeradius2 (EoL) is also affected, the port for which has n= ot been deprecated/deleted. It does not appear a patch for 2.2.9 has been crea= ted (I could not identify one on initial view). Both ports have the same maintainer. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-219662-13-p1WgbcCeRH>