Change log for freeradius package in Ubuntu
| 1 → 75 of 154 results | First • Previous • Next • Last |
| Published in oracular-release |
| Published in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
freeradius (3.2.3+dfsg-2build7) noble; urgency=medium * No-change rebuild for CVE-2024-3094 -- Steve Langasek <email address hidden> Sun, 31 Mar 2024 05:22:45 +0000
Available diffs
freeradius (3.2.3+dfsg-2build6) noble; urgency=high * No change rebuild against libcurl4t64. -- Julian Andres Klode <email address hidden> Fri, 22 Mar 2024 17:05:25 +0100
Available diffs
- diff from 3.2.3+dfsg-2build2 to 3.2.3+dfsg-2build6 (716 bytes)
- diff from 3.2.3+dfsg-2build5 to 3.2.3+dfsg-2build6 (328 bytes)
| Superseded in noble-proposed |
freeradius (3.2.3+dfsg-2build5) noble; urgency=medium * No-change rebuild against libcom-err2 -- Steve Langasek <email address hidden> Tue, 12 Mar 2024 20:32:43 +0000
Available diffs
| Superseded in noble-proposed |
freeradius (3.2.3+dfsg-2build4) noble; urgency=medium * No-change rebuild against libperl5.38t64 -- Steve Langasek <email address hidden> Sat, 09 Mar 2024 18:19:16 +0000
Available diffs
| Superseded in noble-proposed |
freeradius (3.2.3+dfsg-2build3) noble; urgency=medium * No-change rebuild for perlapi5.38t64. -- Matthias Klose <email address hidden> Sun, 03 Mar 2024 05:41:45 +0100
Available diffs
| Deleted in noble-updates (Reason: superseded by release) |
| Superseded in noble-release |
| Deleted in noble-proposed (Reason: Moved to noble) |
freeradius (3.2.3+dfsg-2build2) noble; urgency=medium * No-change rebuild with Python 3.12 as default -- Graham Inggs <email address hidden> Sun, 21 Jan 2024 07:37:30 +0000
Available diffs
freeradius (3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.2) jammy; urgency=medium
* d/p/avoid-smbencrypt-segfault-with-openssl3-fixes.patch: load the
OpenSSL legacy providers and use OpenSSL3 init for MD4/MD5
(LP: #2042824).
-- Miriam EspaƱa Acebal <email address hidden> Fri, 12 Jan 2024 17:59:58 +0100
| Superseded in noble-proposed |
freeradius (3.2.3+dfsg-2build1) noble; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Thu, 11 Jan 2024 04:02:48 +0100
Available diffs
| Superseded in noble-release |
| Published in mantic-release |
| Deleted in mantic-proposed (Reason: Moved to mantic) |
freeradius (3.2.3+dfsg-2) unstable; urgency=medium
* Don't build against libpcre3 (Closes: #1000031)
FreeRADIUS will use Posix regular expressions
-- Bernhard Schmidt <email address hidden> Sun, 02 Jul 2023 22:23:21 +0200
Available diffs
- diff from 3.2.3+dfsg-1 to 3.2.3+dfsg-2 (454 bytes)
freeradius (3.2.3+dfsg-1) unstable; urgency=medium
* New upstream version 3.2.3+dfsg (Closes: #1032572)
- Drop patches applied upstream
- d/freeradius-redis.install: Include new rlm_cache_redis module
- Unfuzz d/p/snakeoil-certs.diff
* Bump Standards-Version, no changes necessary
* Drop obsolete lsb-base dependency
-- Bernhard Schmidt <email address hidden> Fri, 23 Jun 2023 20:20:19 +0200
Available diffs
- diff from 3.2.1+dfsg-4 to 3.2.3+dfsg-1 (256.2 KiB)
freeradius (3.2.1+dfsg-4) unstable; urgency=medium
* Don't install symlink for cache_eap module no longer shipped
(Closes: #1035853)
-- Bernhard Schmidt <email address hidden> Tue, 16 May 2023 00:04:23 +0200
Available diffs
- diff from 3.2.1+dfsg-3 to 3.2.1+dfsg-4 (624 bytes)
freeradius (3.2.1+dfsg-3) unstable; urgency=medium * Cherry-pick upstream patch to fix partical CA support (Closes: #1032590) -- Bernhard Schmidt <email address hidden> Fri, 10 Mar 2023 08:53:27 +0100
Available diffs
- diff from 3.2.1+dfsg-1 to 3.2.1+dfsg-3 (1.7 KiB)
freeradius (3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3.1) jammy-security; urgency=medium
* SECURITY UPDATE: DoS using abinary attribute
- debian/patches/CVE-2022-41861.patch: fix abinary attribute checks
- CVE-2022-41861
-- Nishit Majithia <email address hidden> Wed, 04 Jan 2023 08:53:09 +0530
freeradius (3.0.20+dfsg-3ubuntu0.2) focal-security; urgency=medium
* SECURITY UPDATE: null pointer dereference in eap-sim module
- debian/patches/CVE-2022-41860.patch: add sanity checks in
eapsimlib.c
- CVE-2022-41860
* SECURITY UDPATE: DoS using abinary attribute
- debian/patches/CVE-2022-41861.patch: fix abinary attribute checks
- CVE-2022-41861
-- Nishit Majithia <email address hidden> Wed, 04 Jan 2023 08:52:36 +0530
Available diffs
freeradius (3.0.16+dfsg-1ubuntu3.2) bionic-security; urgency=medium
* SECURITY UPDATE: DoS when using concurrent EAP-pwd handshakes
- debian/patches/CVE-2019-17185.patch: fix DoS due to multithreaded
BN_CTX access
- CVE-2019-17185
* SECURITY UPDATE: null pointer dereference in eap-sim module
- debian/patches/CVE-2022-41860.patch: add sanity checks in
eapsimlib.c
- CVE-2022-41860
* SECURITY UDPATE: DoS using abinary attribute
- debian/patches/CVE-2022-41861.patch: fix abinary attribute checks
- CVE-2022-41861
-- Nishit Majithia <email address hidden> Wed, 04 Jan 2023 08:48:42 +0530
Available diffs
| Superseded in mantic-release |
| Published in lunar-release |
| Deleted in lunar-proposed (Reason: Moved to lunar) |
freeradius (3.2.1+dfsg-1) unstable; urgency=medium * New upstream version 3.2.1+dfsg (Closes: #1025426) * Drop d/p/mkdirp.diff, fixed upstream * Drop d/p/python_config_script_update.diff, fixed upstream * Refresh patch * Fix lintian overrides * Bump debhelper to version 13, drop old dbgsym migration -- Bernhard Schmidt <email address hidden> Wed, 28 Dec 2022 00:10:38 +0100
Available diffs
| Superseded in lunar-proposed |
freeradius (3.2.0+dfsg-1build3) lunar; urgency=medium * No-change rebuild with Python 3.11 as default -- Graham Inggs <email address hidden> Tue, 27 Dec 2022 03:36:33 +0000
Available diffs
freeradius (3.2.0+dfsg-1build2) lunar; urgency=medium * No-change rebuild against libldap-2 -- Steve Langasek <email address hidden> Thu, 15 Dec 2022 19:47:24 +0000
Available diffs
freeradius (3.2.0+dfsg-1build1) lunar; urgency=medium * Rebuild against new perlapi-5.36. -- Gianfranco Costamagna <email address hidden> Sat, 05 Nov 2022 09:12:33 +0100
Available diffs
| Superseded in lunar-release |
| Obsolete in kinetic-release |
| Deleted in kinetic-proposed (Reason: Moved to kinetic) |
freeradius (3.2.0+dfsg-1) unstable; urgency=medium
* Acknowledge NMU, thanks Andreas Metzler
* New upstream version 3.2.0+dfsg (Closes: #1011041)
- Drop rlm_{cram,otp} (removed upstream), add rlm_json
* Refresh d/p/snakeoil-certs.diff
* Refresh d/p/python_config_script_update.diff
* Import test updates from Ubuntu, thanks Andreas Hasenack
- Add test for rlm_python3 (LP: #1969381):
- d/t/control: new rlm_python3 test
- d/t/rlm_python3-test: test the rlm_python3 module
- d/t/rlm_python3-data/*: test files
- d/t/freeradius: run python tests in verbose mode
- d/t/test-freeradius.py: test more authentication mechanisms
-- Bernhard Schmidt <email address hidden> Sat, 28 May 2022 22:24:26 +0200
Available diffs
freeradius (3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu4) kinetic; urgency=medium * Add test for rlm_python3 (LP: #1969381): - d/t/control: new rlm_python3 test - d/t/rlm_python3-test: test the rlm_python3 module - d/t/rlm_python3-data/*: test files * d/t/freeradius: run python tests in verbose mode -- Andreas Hasenack <email address hidden> Wed, 04 May 2022 15:38:02 -0300
Available diffs
freeradius (3.0.20+dfsg-3ubuntu0.1) focal; urgency=medium * Fix loading of rlm_python3 (LP: #1873923): - d/p/py3.8-libname-fix.patch: fix the python library name that freeradius is looking for when loading the rlm_python3 module - d/p/dont_call_undeclared.patch: don't attempt to load the python module if "instantiate" and "detach" are not declared - Add test for rlm_python3 + d/t/control: new rlm_python3 test + d/t/rlm_python3-test: test the rlm_python3 module + d/t/rlm_python3-data/*: test files * d/t/test-freeradius.py: test more authentication mechanisms (cherry-picked from Ubuntu 22.04) * d/t/freeradius: run python tests in verbose mode -- Andreas Hasenack <email address hidden> Thu, 14 Apr 2022 17:32:00 -0300
Available diffs
| Superseded in kinetic-release |
| Published in jammy-release |
| Deleted in jammy-proposed (Reason: Moved to jammy) |
freeradius (3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu3) jammy; urgency=medium
* d/p/fix-python-version-parsing.patch: fix parsing of python versions
with multiple digits (LP: #1873923)
-- Andreas Hasenack <email address hidden> Wed, 23 Mar 2022 20:13:55 -0300
Available diffs
freeradius (3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu2) jammy; urgency=medium * Fix radtest client crash when using mschap auth (LP: #1962046): - d/p/fix-mschap-client-crash-1.patch: load the OpenSSL legacy providers - d/p/fix-mschap-client-crash-2.patch: need OpenSSL3 init for MD5 too - d/t/test-freeradius.py: test more authentication mechanisms -- Andreas Hasenack <email address hidden> Fri, 25 Feb 2022 10:19:18 -0300
| Superseded in jammy-proposed |
freeradius (3.0.26~dfsg~git20220223.1.00ed0241fa-0ubuntu1) jammy; urgency=medium * New upstream git snapshot pre-3.0.26 (LP: #1955009) * d/p/snakeoil-certs.diff: refresh -- Andreas Hasenack <email address hidden> Wed, 23 Feb 2022 16:14:21 -0300
Available diffs
| Superseded in jammy-proposed |
freeradius (3.0.25+dfsg-1) unstable; urgency=medium
[ Bernhard Schmidt ]
* New upstream version 3.0.25+dfsg
- rlm_eap_peap dropped upstream
- rlm_sql_map and rlm_totp added
* Fix a lot of lintian overrides
[ Debian Janitor ]
* Remove constraints unnecessary since buster
-- Bernhard Schmidt <email address hidden> Tue, 22 Feb 2022 22:38:13 +0100
Available diffs
| Superseded in jammy-proposed |
freeradius (3.0.21+dfsg-3build3) jammy; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Sun, 06 Feb 2022 15:37:01 +0100
Available diffs
| Superseded in jammy-proposed |
freeradius (3.0.21+dfsg-3build2) jammy; urgency=medium * No-change rebuild with Python 3.10 as default version -- Graham Inggs <email address hidden> Sun, 16 Jan 2022 15:11:30 +0000
Available diffs
| Superseded in jammy-proposed |
freeradius (3.0.21+dfsg-3build1) jammy; urgency=medium * No-change rebuild against libssl3 -- Steve Langasek <email address hidden> Wed, 08 Dec 2021 23:31:29 +0000
Available diffs
freeradius (3.0.21+dfsg-3) unstable; urgency=medium
* Acknowledge NMUs, thanks
* Cherry-Pick upstream fix for a crash bug (Closes: #992036)
* Cherry-Pick upstream fix to add missing continuation in postgresql
sample config (Closes: #992207)
-- Bernhard Schmidt <email address hidden> Mon, 23 Aug 2021 15:49:43 +0200
Available diffs
| Superseded in jammy-release |
| Obsolete in impish-release |
| Deleted in impish-proposed (Reason: Moved to impish) |
freeradius (3.0.21+dfsg-2.2) unstable; urgency=medium * Non-maintainer upload. * Don't fail postinst if daemon is not running (Closes: #991561, #932113) -- Jochen Sprickerhof <email address hidden> Wed, 28 Jul 2021 12:28:32 +0200
Available diffs
- diff from 3.0.21+dfsg-2.1 to 3.0.21+dfsg-2.2 (711 bytes)
freeradius (3.0.21+dfsg-2.1) unstable; urgency=medium
* Non-maintainer upload.
* Fix capabilities in service file.
As freeradius is not run as root we need to request extra capabilities
wiht AmbientCapabilities instead of limiting the set with
CapabilityBoundingSet. (Closes: #985967)
-- Jochen Sprickerhof <email address hidden> Fri, 23 Jul 2021 13:19:03 +0200
Available diffs
freeradius (3.0.21+dfsg-2build2) impish; urgency=medium * No-change rebuild due to OpenLDAP soname bump. -- Sergio Durigan Junior <email address hidden> Mon, 21 Jun 2021 17:47:46 -0400
Available diffs
| Superseded in impish-release |
| Obsolete in hirsute-release |
| Deleted in hirsute-proposed (Reason: moved to Release) |
freeradius (3.0.21+dfsg-2build1) hirsute; urgency=medium * No-change rebuild to build with python3.9 as default. -- Matthias Klose <email address hidden> Mon, 23 Nov 2020 21:31:52 +0100
Available diffs
| Superseded in hirsute-proposed |
freeradius (3.0.21+dfsg-2) unstable; urgency=medium * Cherry-Pick upstream fixes to build with Python3.8 (Closes: #966860) * Drop migration code for versions earlier than oldstable (Squeeze) * Temporarily collectd integration (again) due to RC bugs * Bump to debhelper compat 10 -- Bernhard Schmidt <email address hidden> Mon, 24 Aug 2020 10:46:49 +0200
| Superseded in hirsute-release |
| Obsolete in groovy-release |
| Deleted in groovy-proposed (Reason: moved to Release) |
freeradius (3.0.21+dfsg-1ubuntu2) groovy; urgency=medium * No change rebuild against new json-c ABI. -- Dimitri John Ledkov <email address hidden> Tue, 28 Jul 2020 17:43:25 +0100
Available diffs
| Superseded in groovy-proposed |
freeradius (3.0.21+dfsg-1) unstable; urgency=medium
[ Bernhard Schmidt ]
* New upstream version 3.0.21+dfsg
* Sync freeradius.service with upstream, notable changes
- run as unprivileged user freerad
- use RuntimeDirectory (Closes: #954911)
- set ReadOnlyDirectories to the configuration (Closes: #955206)
- set some Protect* settings
- enable reloading the configuration
* Enable the control-socket site in autopkgtest and attempt a connection
to validate the fix for #954911
* Reenable collectd integration, it does not pull in the world anymore
on sid, thanks to Bernd Zeimetz (Closes: #948996)
[ Sven Hartge ]
* d/freeradius.service: Drop manual chown, not necessary
-- Bernhard Schmidt <email address hidden> Wed, 01 Apr 2020 14:21:17 +0200
| Superseded in groovy-release |
| Published in focal-release |
| Deleted in focal-proposed (Reason: moved to Release) |
freeradius (3.0.20+dfsg-3build1) focal; urgency=medium * No-change rebuild to build with python3.8. -- Matthias Klose <email address hidden> Sat, 25 Jan 2020 06:11:13 +0000
Available diffs
freeradius (3.0.20+dfsg-3) unstable; urgency=medium * Upload to unstable -- Bernhard Schmidt <email address hidden> Mon, 09 Dec 2019 23:42:23 +0100
Available diffs
- diff from 3.0.20+dfsg-1 to 3.0.20+dfsg-3 (7.6 KiB)
freeradius (3.0.20+dfsg-1) unstable; urgency=medium * New upstream version 3.0.20+dfsg * Fix reload action on sysvinit (Closes: #940608) -- Bernhard Schmidt <email address hidden> Fri, 29 Nov 2019 18:03:07 +0100
Available diffs
freeradius (3.0.19+dfsg-3build1) focal; urgency=medium * No-change rebuild for the perl update. -- Matthias Klose <email address hidden> Fri, 18 Oct 2019 19:27:32 +0000
Available diffs
| Superseded in focal-release |
| Obsolete in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
freeradius (3.0.19+dfsg-3) unstable; urgency=medium
* Drop collectd integration from freeradius-utils - temporarily?
collectd is marked for autoremoval at the end of August due to three
RC bugs that do not show any recent activity (Bug#925849, Bug#926528,
Bug#932299). Additionally, depending on libcollectdclient pulls in
(with Recommends on collectd) 200 additional binary packages. See
Bug#933296.
-- Bernhard Schmidt <email address hidden> Wed, 21 Aug 2019 17:11:40 +0200
Available diffs
| Superseded in eoan-proposed |
freeradius (3.0.19+dfsg-2ubuntu1) eoan; urgency=medium
* Merge from Debian unstable. Remaining changes:
- d/control: drop b-d on collectd, as it is in universe.
Available diffs
| Superseded in eoan-proposed |
freeradius (3.0.19+dfsg-1ubuntu1) eoan; urgency=medium
* Merge from Debian unstable. Remaining changes:
- d/control: drop b-d on collectd, as it is in universe.
Available diffs
freeradius (3.0.17+dfsg-1.1ubuntu2) eoan; urgency=medium * Rebuild against new libjson-c4. -- Gianfranco Costamagna <email address hidden> Sat, 29 Jun 2019 13:49:45 +0200
| Superseded in eoan-proposed |
freeradius (3.0.17+dfsg-1.1ubuntu1) eoan; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: drop b-d on collectd, as it is in universe.
Available diffs
| Superseded in eoan-release |
| Deleted in eoan-proposed (Reason: moved to release) |
| Obsolete in disco-updates |
| Obsolete in disco-security |
freeradius (3.0.17+dfsg-1ubuntu2.1) disco-security; urgency=medium
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2019-11234-and-2019-11235-*.patch: fix
by assuring the received scalar lies within the valid
range, and by checking that the received element is not the
point at infinity and lies on the elliptic curve being used
in src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c.
- CVE-2019-11234
- CVE-2019-11235
-- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Apr 2019 10:30:19 -0300
Available diffs
freeradius (3.0.16+dfsg-3ubuntu1.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2019-11234-and-2019-11235-*.patch: fix
by assuring the received scalar lies within the valid
range, and by checking that the received element is not the
point at infinity and lies on the elliptic curve being used
in src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c.
- CVE-2019-11234
- CVE-2019-11235
-- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Apr 2019 10:17:33 -0300
Available diffs
freeradius (3.0.16+dfsg-1ubuntu3.1) bionic-security; urgency=medium
* SECURITY UPDATE: Bypass authentication
- debian/patches/CVE-2019-11234-and-2019-11235-*.patch: fix
by assuring the received scalar lies within the valid
range, and by checking that the received element is not the
point at infinity and lies on the elliptic curve being used
in src/modules/rlm_eap/types/rlm_eap_pwd/eap_pwd.c.
- CVE-2019-11234
- CVE-2019-11235
-- <email address hidden> (Leonidas S. Barbosa) Wed, 17 Apr 2019 09:59:55 -0300
Available diffs
| Superseded in eoan-release |
| Obsolete in disco-release |
| Deleted in disco-proposed (Reason: moved to release) |
freeradius (3.0.17+dfsg-1ubuntu2) disco; urgency=medium
* No-change rebuild against mysql 5.7, reverting the deferred mysql-8.0
transition
-- Steve Langasek <email address hidden> Tue, 05 Feb 2019 10:46:18 -0800
Available diffs
| Superseded in disco-proposed |
freeradius (3.0.17+dfsg-1ubuntu1) disco; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: drop b-d on collectd, as it is in universe.
Available diffs
| Superseded in disco-proposed |
freeradius (3.0.16+dfsg-3ubuntu5) disco; urgency=medium * No-change rebuild against libmysqlclient21 -- Steve Langasek <email address hidden> Fri, 01 Feb 2019 16:58:24 +0000
Available diffs
freeradius (3.0.16+dfsg-3ubuntu4) disco; urgency=medium * No-change rebuild for readline soname change. -- Matthias Klose <email address hidden> Mon, 14 Jan 2019 19:59:21 +0000
Available diffs
freeradius (3.0.16+dfsg-3ubuntu3) disco; urgency=medium * No-change rebuild against libhiredis0.14 -- Steve Langasek <email address hidden> Mon, 12 Nov 2018 08:46:34 +0000
Available diffs
freeradius (3.0.16+dfsg-3ubuntu2) disco; urgency=medium * No-change rebuild for the perl 5.28 transition. -- Adam Conrad <email address hidden> Fri, 02 Nov 2018 18:08:16 -0600
Available diffs
| Superseded in disco-release |
| Obsolete in cosmic-release |
| Deleted in cosmic-proposed (Reason: moved to release) |
freeradius (3.0.16+dfsg-3ubuntu1) cosmic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: drop b-d on collectd, as it is in universe.
Available diffs
| Superseded in cosmic-release |
| Published in bionic-release |
| Deleted in bionic-proposed (Reason: moved to release) |
freeradius (3.0.16+dfsg-1ubuntu3) bionic; urgency=medium * No-change rebuild against libcurl4 -- Steve Langasek <email address hidden> Wed, 28 Feb 2018 06:51:17 +0000
Available diffs
freeradius (3.0.16+dfsg-1ubuntu2) bionic; urgency=high * No change rebuild against openssl1.1. -- Dimitri John Ledkov <email address hidden> Wed, 07 Feb 2018 11:35:23 +0000
Available diffs
| Superseded in bionic-proposed |
freeradius (3.0.16+dfsg-1ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
- d/control: drop b-d on collectd, as it is in universe
(LP #1522040).
Available diffs
| Superseded in bionic-release |
| Obsolete in artful-release |
| Deleted in artful-proposed (Reason: moved to release) |
freeradius (3.0.15+dfsg-1ubuntu2) artful; urgency=medium * No-change rebuild for perl 5.26.0. -- Matthias Klose <email address hidden> Wed, 26 Jul 2017 20:02:29 +0000
Available diffs
freeradius (2.1.12+dfsg-1.2ubuntu8.2) trusty-security; urgency=medium
* SECURITY UPDATE: read/write overflow in make_secret()
- debian/patches/CVE-2017-10978.patch: check lengths in
src/lib/radius.c.
- CVE-2017-10978
* SECURITY UPDATE: write overflow in rad_coalesce
- debian/patches/CVE-2017-10979.patch: check for long attributes in
src/lib/dhcp.c, src/lib/radius.c.
- CVE-2017-10979
* SECURITY UPDATE: memory leak in decode_tlv()
- debian/patches/CVE-2017-10980.patch: fix memory leak in
src/lib/dhcp.c.
- CVE-2017-10980
* SECURITY UPDATE: memory leak in fr_dhcp_decode()
- debian/patches/CVE-2017-10981.patch: fix another memory leak in
src/lib/dhcp.c.
- CVE-2017-10981
* SECURITY UPDATE: read overflow in fr_dhcp_decode_options()
- debian/patches/CVE-2017-10982.patch: check for long options in
src/lib/dhcp.c.
- CVE-2017-10982
* SECURITY UPDATE: read overflow when decoding option 63
- debian/patches/CVE-2017-10983.patch: decode correct option in
src/lib/dhcp.c.
- CVE-2017-10983
-- Marc Deslauriers <email address hidden> Wed, 26 Jul 2017 10:56:56 -0400
Available diffs
freeradius (3.0.12+dfsg-4ubuntu1.2) zesty-security; urgency=medium
* SECURITY UPDATE: read/write overflow in make_secret()
- debian/patches/CVE-2017-10978.patch: check lengths in
src/lib/radius.c.
- CVE-2017-10978
* SECURITY UPDATE: read overflow when decoding option 63
- debian/patches/CVE-2017-10983.patch: decode correct option in
src/modules/proto_dhcp/dhcp.c.
- CVE-2017-10983
* SECURITY UPDATE: write overflow in data2vp_wimax()
- debian/patches/CVE-2017-10984-1.patch: handle malformed attributes in
src/lib/radius.c, added test to src/tests/unit/wimax.txt.
- debian/patches/CVE-2017-10984-2.patch: simplify code in
src/lib/radius.c, added test to src/tests/unit/extended.txt.
- CVE-2017-10984
* SECURITY UPDATE: infinite loop and memory exhaustion with 'concat'
attributes
- debian/patches/CVE-2017-10985.patch: fix checks in src/lib/radius.c,
added test to src/tests/unit/rfc.txt.
- CVE-2017-10985
* SECURITY UPDATE: infinite read in dhcp_attr2vp()
- debian/patches/CVE-2017-10986.patch: fix loop in
src/modules/proto_dhcp/dhcp.c.
- CVE-2017-10986
* SECURITY UPDATE: Buffer over-read in fr_dhcp_decode_suboptions()
- debian/patches/CVE-2017-10987.patch: check for room in
src/modules/proto_dhcp/dhcp.c.
- CVE-2017-10987
-- Marc Deslauriers <email address hidden> Wed, 26 Jul 2017 10:23:14 -0400
Available diffs
freeradius (2.2.8+dfsg-0.1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: read/write overflow in make_secret()
- debian/patches/CVE-2017-10978.patch: check lengths in
src/lib/radius.c.
- CVE-2017-10978
* SECURITY UPDATE: write overflow in rad_coalesce
- debian/patches/CVE-2017-10979.patch: check for long attributes in
src/lib/dhcp.c, src/lib/radius.c.
- CVE-2017-10979
* SECURITY UPDATE: memory leak in decode_tlv()
- debian/patches/CVE-2017-10980.patch: fix memory leak in
src/lib/dhcp.c.
- CVE-2017-10980
* SECURITY UPDATE: memory leak in fr_dhcp_decode()
- debian/patches/CVE-2017-10981.patch: fix another memory leak in
src/lib/dhcp.c.
- CVE-2017-10981
* SECURITY UPDATE: read overflow in fr_dhcp_decode_options()
- debian/patches/CVE-2017-10982.patch: check for long options in
src/lib/dhcp.c.
- CVE-2017-10982
* SECURITY UPDATE: read overflow when decoding option 63
- debian/patches/CVE-2017-10983.patch: decode correct option in
src/lib/dhcp.c.
- CVE-2017-10983
-- Marc Deslauriers <email address hidden> Wed, 26 Jul 2017 10:32:39 -0400
Available diffs
freeradius (3.0.15+dfsg-1ubuntu1) artful; urgency=medium * Merge with Debian unstable (LP: #1704387). Remaining changes: - d/control: drop b-d on collectd, as it is in universe (LP #1522040). -- Nishanth Aravamudan <email address hidden> Fri, 21 Jul 2017 10:54:03 +0200
Available diffs
freeradius (3.0.12+dfsg-4ubuntu1.1) zesty-security; urgency=medium
* SECURITY UPDATE: authentication bypass via session resumption
- debian/patches/disable-session-cache-CVE-2017-9148.patch: completely
disable session caching in src/main/tls.c. Thanks to Debian for the
patch!
- CVE-2017-9148
-- Marc Deslauriers <email address hidden> Wed, 07 Jun 2017 10:23:34 -0400
Available diffs
freeradius (3.0.12+dfsg-5ubuntu1) artful; urgency=medium
* Merge with Debian unstable. Remaining changes:
- d/control: drop b-d on collectd, as it is in universe
(LP #1522040).
-- Nishanth Aravamudan <email address hidden> Wed, 31 May 2017 14:40:06 -0700
Available diffs
| Superseded in artful-release |
| Obsolete in zesty-release |
| Deleted in zesty-proposed (Reason: moved to release) |
freeradius (3.0.12+dfsg-4ubuntu1) zesty; urgency=medium * Merge with Debian unstable (LP: #1647579). Remaining changes: - d/control: drop b-d on collectd, as it is in universe (LP #1522040). * Drop: - d/t: update tests for 3.x (Closes #710895) + Password must be provided as 'User-Password'. + Configuration is stored in /etc/freeradius/3.0/. + Response strings do not contain 'code X' any longer. [ Fixed in Debian ] - d/freeradius.postinst: revert incorrect removal of /var/log file creation + 42abc545 ('Remove all use of dpkg-statoverride') included a non-dpkg-statoverride-related removal. [ Fixed in Debian ] -- Nishanth Aravamudan <email address hidden> Tue, 06 Dec 2016 09:12:44 +0100
Available diffs
freeradius (3.0.12+dfsg-3ubuntu2) zesty; urgency=medium
* d/t: update tests for 3.x (Closes: #710895)
- Password must be provided as 'User-Password'.
- Configuration is stored in /etc/freeradius/3.0/.
- Response strings do not contain 'code X' any longer.
* d/freeradius.postinst: revert incorrect removal of /var/log file creation
- 42abc545 ('Remove all use of dpkg-statoverride') included a
non-dpkg-statoverride-related removal.
-- Nishanth Aravamudan <email address hidden> Thu, 17 Nov 2016 11:04:34 -0800
Available diffs
| Superseded in zesty-proposed |
freeradius (3.0.12+dfsg-3ubuntu1) zesty; urgency=medium * d/control: drop b-d on collectd, as it is in universe (LP: #1522040). -- Nishanth Aravamudan <email address hidden> Fri, 11 Nov 2016 17:46:15 -0800
Available diffs
| Superseded in zesty-proposed |
freeradius (3.0.12+dfsg-3) unstable; urgency=medium
* update debian/patches/openssl-1.1.diff to fix compilation with older
OpenSSL versions.
* maintscripts: fix symlink creation condition
-- Michael Stapelberg <email address hidden> Thu, 10 Nov 2016 10:12:15 +0100
Available diffs
freeradius (2.2.8+dfsg-0.1build3) zesty; urgency=medium * No-change rebuild for perl 5.24 transition -- Iain Lane <email address hidden> Mon, 24 Oct 2016 10:08:19 +0100
Available diffs
| Superseded in zesty-release |
| Obsolete in yakkety-release |
| Published in xenial-release |
| Deleted in xenial-proposed (Reason: moved to release) |
freeradius (2.2.8+dfsg-0.1build2) xenial; urgency=medium * Rebuild against libmysqlclient20. -- Robie Basak <email address hidden> Tue, 05 Apr 2016 12:22:24 +0000
Available diffs
freeradius (2.2.8+dfsg-0.1build1) xenial; urgency=medium * Rebuild for Perl 5.22.1. -- Colin Watson <email address hidden> Fri, 18 Dec 2015 01:07:36 +0000
Available diffs
| Superseded in xenial-release |
| Obsolete in wily-release |
| Deleted in wily-proposed (Reason: moved to release) |
freeradius (2.1.12+dfsg-1.3ubuntu5) wily; urgency=medium
* debian/tests/control: Drop python-unit test dependency, just depend on
"python". The package was removed and is not used.
-- Martin Pitt <email address hidden> Thu, 15 Oct 2015 12:32:03 +0200
Available diffs
| 1 → 75 of 154 results | First • Previous • Next • Last |
