
Re: CVE-2021-32642 in radsecproxy



On 27.05.21 15:51, Utkarsh Gupta wrote:
On Thu, May 27, 2021 at 4:22 PM Sven Hartge <sven@svenhartge.de> wrote:

I'll ultimately leave it up to whoever is on LTS frontdesk duty this
week, but I suspect we will do the same too. Happy to do the actual
upload if FD believes the vulnerability does warrant an update, mind
you. (Thanks either way, of course.)

Absolutely fair.

Thanks for preparing the upload. But since you admit that the severity
is "very very low", I'd rather like to postpone this and we can roll
out this fix with the next fix (whenever that'd be)? Warranting a DLA
for this alone wouldn't benefit a lot if I get everything right. Do
you think it makes sense? Let me know if you're okay with this?

I am absolutely fine with this. Most people using radsecproxy by now will be using the 1.8.2 package on Buster anyway.

For bullseye I have pushed a new version to mentors.debian.net, awaiting
upload by a sponsor, in the hope of getting this in before the release.

I've sponsored your upload to unstable. For it to reach bullseye,
please also file an unblock request, if you haven't already. :)

Thank you for sponsoring the upload. I will file the unblock request later this evening.

Regards.
Sven.
