Re: CVE-2021-32642 in radsecproxy

To: Chris Lamb <lamby@debian.org>, debian-lts@lists.debian.org
Subject: Re: CVE-2021-32642 in radsecproxy
From: Sven Hartge <sven@svenhartge.de>
Date: Thu, 27 May 2021 11:56:54 +0200
Message-id: <[🔎] f9069536-7abd-c8bd-2f71-efe27efdac02@svenhartge.de>
In-reply-to: <[🔎] 89091d8c-3557-4bfc-b0bf-4df973a65db7@www.fastmail.com>
References: <[🔎] 5h9q6f5kvq6v8@mids.svenhartge.de> <[🔎] 89091d8c-3557-4bfc-b0bf-4df973a65db7@www.fastmail.com>

On 27.05.21 11:18, Chris Lamb wrote:

Hi Sven,

there is a (very) minor security flaw in the radsecproxy package.

I have prepared updated packages, available via
https://mentors.debian.net/debian/pool/main/r/radsecproxy/radsecproxy_1.6.8-1+deb9u1.dsc
for you.

Thanks for preparing a package and, at a quick glance, I would be
happy to upload it. Just to 100% check though:  you are not in a
position to upload it, create and publish a DLA, update the website,
etc.? (Just avoiding duplicate work.)


Hello Chris,

No, I am just a sponsored uploader, not a DD or DM.

As for the security issue: two example scripts were vulnerable but thoseare not installed into any bin-directory in Debian and only shipped inthe examples/ directory in the documentation.


So the severity is very very low.

Grüße,
Sven.

Attachment: OpenPGP_signature
Description: OpenPGP digital signature

Reply to:

Follow-Ups:
- Re: CVE-2021-32642 in radsecproxy
  - From: "Chris Lamb" <lamby@debian.org>

References:
- CVE-2021-32642 in radsecproxy
  - From: Sven Hartge <sven@svenhartge.de>
- Re: CVE-2021-32642 in radsecproxy
  - From: "Chris Lamb" <lamby@debian.org>

Prev by Date: Re: CVE-2021-32642 in radsecproxy
Next by Date: Re: CVE-2021-32642 in radsecproxy
Previous by thread: Re: CVE-2021-32642 in radsecproxy
Next by thread: Re: CVE-2021-32642 in radsecproxy
Index(es):
- Date
- Thread