201058 – net/freeradius2: [security] FreeRADIUS insufficent CRL application (CVE-2015-4680)

Bug 201058 - net/freeradius2: [security] FreeRADIUS insufficent CRL application (CVE-2015-4680)

Summary: net/freeradius2: [security] FreeRADIUS insufficent CRL application (CVE-2015-...

Status:	Closed FIXED

Alias:	None

Product:	Ports & Packages
Classification:	Unclassified
Component:	Individual Port(s) (show other bugs)
Version:	Latest
Hardware:	Any Any

Importance:	--- Affects Some People
Assignee:	Ryan Steinmetz

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-06-22 22:05 UTC by Jason Unovitch
Modified:	2015-07-13 11:43 UTC (History)
CC List:	0 users

See Also:

Flags:	bugzilla: maintainer-feedback? (zi)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jason Unovitch freebsd_committer

2015-06-22 22:05:09 UTC

Seen today on oss-security mailing list:
http://www.ocert.org/advisories/ocert-2015-008.html

Comment 1 Ryan Steinmetz freebsd_committer

2015-06-23 05:55:55 UTC

I will update the ports once the fixed versions have been released.  As of minutes ago, they are not yet out.

Comment 2 Jason Unovitch freebsd_committer

2015-07-13 10:07:06 UTC

Thanks.  We should just need an MFH to 2015Q3 of the 2.2.7 -> 2.2.8 update then PR is ready for close.

Comment 3 Ryan Steinmetz freebsd_committer

2015-07-13 11:37:10 UTC

Port updated to 2.2.8