-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityTracker wrote:
Thanks for notifying us of this. My apologies for the excessive delay in getting this posting corrected. We've just updated the Alert on our site to indicate that you dispute that there is a security impact. As part of our standard dispute resolution process, we have sent e-mail to the original poster (Michal Bucko (sapheal)) just to see if he has any other information to indicate security threat exists.
Thanks. He hasn't responded to our queries. Maybe you'll have better luck.
The characterization as a remote issue was clearly an error on our part.
OK. I was curious as to where it had come from.
BTW, the CVE entry does not yet reflect your position on the dispute, so you may want to contact CVE (cve@mitre.org). It does allude to 3APA3A's Bugtraq message questioning the claim. But CVE usually has a way of more clearly indicating a vendor dispute. This is what they say right now:
I've been in touch with CVE. The statement should be updated in a few days. Alan DeKok Project Leader The FreeRADIUS Server Project -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQCVAwUBRc7Gi6kul4vkAkl9AQLSlAP/awlC8kjl8LOKw/dfxFQ93ukEDFCQN8mZ 6EeVdcK4rB6bGk/5FhtAfdudBDqQX8kmFj61tAorLsPRxHCUed9X+gdHZ/MEG2r+ md5IvwLsTO96bFVqmeOWfPTNFKEyuhFvw/G4p+kxPhXPAc1gcb1Vr29moAdUy+Ej CpLUh7s5S2E= =1Xee -----END PGP SIGNATURE-----