On Thu, May 26, 2005 at 09:17:09PM -0400, Paul Hampson wrote: > Format: 1.7 > Date: Mon, 23 May 2005 18:53:51 +1000 > Source: freeradius > Binary: freeradius-mysql freeradius-krb5 freeradius freeradius-iodbc freeradius-ldap freeradius-dialupadmin > Architecture: source i386 all > Version: 1.0.2-4 > Distribution: unstable > Urgency: high > Maintainer: Paul Hampson <Paul.Hampson@anu.edu.au> > Changed-By: Paul Hampson <Paul.Hampson@anu.edu.au> > Description: > freeradius - a high-performance and highly configurable RADIUS server > freeradius-dialupadmin - set of PHP scripts for administering a FreeRADIUS server > freeradius-iodbc - iODBC module for FreeRADIUS server > freeradius-krb5 - kerberos module for FreeRADIUS server > freeradius-ldap - LDAP module for FreeRADIUS server > freeradius-mysql - MySQL module for FreeRADIUS server > Closes: 307720 > Changes: > freeradius (1.0.2-4) unstable; urgency=high > . > * Security fix stolen from CVS release_1_0 branch: > - Always use sql_escape_func when calling radius_xlat > - Add a test in sql_escape_func() to check buffer bound when > input character needs escaping. > - Urgency high as these are (theoretical) security issues. > Closes: #307720 (Thanks to Primoz Bratanic and Nicolas Baradakis) Approved for sarge. -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature